diff --git a/Source/GSSocketStream.m b/Source/GSSocketStream.m
index 20f2589db..2b0ac5ee9 100644
--- a/Source/GSSocketStream.m
+++ b/Source/GSSocketStream.m
@@ -536,8 +536,7 @@ GSTLSPush(gnutls_transport_ptr_t handle, const void *buffer, size_t len)
 direction: (server ? NO : YES)
 transport: (void*)self
 push: GSTLSPush
- pull: GSTLSPull
- host: nil];
+ pull: GSTLSPull];
 initialised = YES;
 return self;
 }
diff --git a/Source/GSTLS.h b/Source/GSTLS.h
index dd4ba39e4..d50c6fab7 100644
--- a/Source/GSTLS.h
+++ b/Source/GSTLS.h
@@ -42,6 +42,14 @@
 #include
 #undef id
 
+extern NSString * const GSTLSCAFile;
+extern NSString * const GSTLSCertificateFile;
+extern NSString * const GSTLSCertificateKeyFile;
+extern NSString * const GSTLSCertificateKeyPassword;
+extern NSString * const GSTLSDebug;
+extern NSString * const GSTLSCAVerify;
+extern NSString * const GSTLSRemoteHosts;
+
 /* This class is used to ensure that the GNUTLS system is initialised
 * and thread-safe.
 */
@@ -112,13 +120,11 @@ typedef ssize_t (*GSTLSIOW)(gnutls_transport_ptr_t, const void *, size_t);
 /* This class encapsulates a session to a remote system.
 * Sessions are created with a direction and an options dictionary,
 * defining how they will operate. The handle, pushFunc and pullFunc
- * provide the I/O mechanism, and the host specifies the host that the
- * session is connected to.
+ * provide the I/O mechanism.
 */
 @interface GSTLSSession : GSTLSObject
 {
 NSDictionary *opts;
- NSHost *host;
 GSTLSPrivateKey *key;
 GSTLSCertificateList *list;
 GSTLSDHParams *dhParams;
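Review bot: The seven `extern NSString * const` keys added to GSTLS.h have no documentation, so a reader of the header cannot tell what value each option takes or what omitting it means; the comment belongs here because this is where the keys become public. A block comment above them such as `/* Keys for the options dictionary passed to GSTLSSession; the accepted values and the effect of leaving each key out are defined in GSTLS.m. */` would do. GSTLSRemoteHosts deserves its own sentence, since after this change an absent key is handled differently by NSFileHandle.m (which derives a list from the peer address) and by GSTLSSession itself (which sets names to nil, per the GSTLS.m hunk later in the diff).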
@@ -134,15 +140,13 @@ typedef ssize_t (*GSTLSIOW)(gnutls_transport_ptr_t, const void *, size_t);
 direction: (BOOL)isOutgoing
 transport: (void*)handle
 push: (GSTLSIOW)pushFunc
- pull: (GSTLSIOR)pullFunc
- host: (NSHost*)remote;
+ pull: (GSTLSIOR)pullFunc;
 
 - (id) initWithOptions: (NSDictionary*)options
 direction: (BOOL)isOutgoing
 transport: (void*)handle
 push: (GSTLSIOW)pushFunc
- pull: (GSTLSIOR)pullFunc
- host: (NSHost*)remote;
+ pull: (GSTLSIOR)pullFunc;
 
 /* Return YES if the session is active (handshake has succeeded and the
 * session has not been disconnected), NO otherwise.
diff --git a/Source/GSTLS.m b/Source/GSTLS.m
index 3a913daa2..542a07f0e 100644
--- a/Source/GSTLS.m
+++ b/Source/GSTLS.m
@@ -709,7 +709,6 @@ static NSMutableDictionary *privateKeyCache1 = nil;
 transport: (void*)handle
 push: (GSTLSIOW)pushFunc
 pull: (GSTLSIOR)pullFunc
- host: (NSHost*)host
 {
 GSTLSSession *sess;
 
@@ -717,8 +716,7 @@ static NSMutableDictionary *privateKeyCache1 = nil;
 direction: isOutgoing
 transport: handle
 push: pushFunc
- pull: pullFunc
- host: host];
+ pull: pullFunc];
 return [sess autorelease];
 }
 
@@ -731,7 +729,6 @@ static NSMutableDictionary *privateKeyCache1 = nil;
 {
 [self finalize];
 DESTROY(opts);
- DESTROY(host);
 DESTROY(list);
 DESTROY(key);
 DESTROY(dhParams);
@@ -766,7 +763,6 @@ static NSMutableDictionary *privateKeyCache1 = nil;
 transport: (void*)handle
 push: (GSTLSIOW)pushFunc
 pull: (GSTLSIOR)pullFunc
- host: (NSHost*)remote
 {
 if (nil != (self = [super init]))
 {
@@ -779,7 +775,6 @@ static NSMutableDictionary *privateKeyCache1 = nil;
 BOOL debug = (globalDebug > 0) ? YES : NO;
 
 opts = [options copy];
- host = [remote copy];
 outgoing = isOutgoing ? YES : NO;
 
 if (NO == debug)
@@ -1157,19 +1152,20 @@ static NSMutableDictionary *privateKeyCache1 = nil;
 if (cert_list_size > 0
 && gnutls_certificate_type_get(session) == GNUTLS_CRT_X509)
 {
- char dn[128];
- char serial[40];
- size_t dn_size = sizeof(dn);
- size_t serial_size = sizeof(serial);
- time_t expiret;
- time_t activet;
- int algo;
- unsigned int bits;
- int i;
 int cert_num;
 
 for (cert_num = 0; cert_num < cert_list_size; cert_num++)
 {
+ char dn[1024];
+ size_t dn_size = sizeof(dn);
+ char serial[40];
+ size_t serial_size = sizeof(serial);
+ time_t expiret;
+ time_t activet;
+ int algo;
+ unsigned int bits;
+ int i;
+
 gnutls_x509_crt_init(&cert);
 /* NB. the list of peer certificate is in memory in native
 * format (DER) rather than the normal file format (PEM).
@@ -1177,6 +1173,7 @@ static NSMutableDictionary *privateKeyCache1 = nil;
 gnutls_x509_crt_import(cert, &cert_list[cert_num],
 GNUTLS_X509_FMT_DER);
 
+ [str appendString: @"\n"];
 [str appendFormat: _(@"- Certificate %d info:\n"), cert_num];
 
 expiret = gnutls_x509_crt_get_expiration_time(cert);
@@ -1233,11 +1230,17 @@ static NSMutableDictionary *privateKeyCache1 = nil;
 [str appendFormat: _(@"- Certificate version: #%d\n"),
 gnutls_x509_crt_get_version(cert)];
 
+ dn_size = sizeof(dn);
 gnutls_x509_crt_get_dn(cert, dn, &dn_size);
- [str appendFormat: @"- Certificate DN: %s\n", dn];
+ dn[dn_size - 1] = '\0';
+ [str appendFormat: @"- Certificate DN: %@\n",
+ [NSString stringWithUTF8String: dn]];
 
+ dn_size = sizeof(dn);
 gnutls_x509_crt_get_issuer_dn(cert, dn, &dn_size);
- [str appendFormat: _(@"- Certificate Issuer's DN: %s\n"), dn];
+ dn[dn_size - 1] = '\0';
+ [str appendFormat: _(@"- Certificate Issuer's DN: %@\n"),
+ [NSString stringWithUTF8String: dn]];
 
 gnutls_x509_crt_deinit(cert);
 }
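Review bot: `dn[dn_size - 1] = '\0';` in the Certificate DN lines uses dn_size without checking what gnutls_x509_crt_get_dn() returned: on GNUTLS_E_SHORT_MEMORY_BUFFER gnutls stores the required length in dn_size, which is then larger than sizeof(dn), and a zero dn_size indexes dn[SIZE_MAX], so a DN in a peer-supplied certificate can drive a write outside the 1024-byte buffer; the gnutls_x509_crt_get_issuer_dn() lines a few lines down have the same problem. Because dn is now declared inside the loop (first hunk) without an initializer, a failed call also leaves uninitialized stack bytes to be copied into the log string by stringWithUTF8String:. For each of the two calls replace the call and the terminator line with `if (gnutls_x509_crt_get_dn(cert, dn, &dn_size) < 0) dn[0] = '\0';` followed by `dn[sizeof(dn) - 1] = '\0';`, which is in bounds whatever dn_size holds. Whether dn_size counts the terminator on success differs between gnutls versions, so the existing `dn_size - 1` may also drop the last character; the sizeof() form avoids that too. The enclosing method starts and ends outside the hunk.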
@@ -1371,15 +1374,6 @@ static NSMutableDictionary *privateKeyCache1 = nil;
 str = [opts objectForKey: GSTLSRemoteHosts];
 if (nil == str)
 {
- /* No names specified ... use all known names for the host we are
- * connecting to.
- */
- names = [host names];
- }
- else if ([str length] == 0)
- {
- /* Empty name ... disable host name checking.
- */
 names = nil;
 }
 else
diff --git a/Source/NSFileHandle.m b/Source/NSFileHandle.m
index ee8b4f719..014543426 100644
--- a/Source/NSFileHandle.m
+++ b/Source/NSFileHandle.m
@@ -28,10 +28,12 @@
 #import "common.h"
 #define EXPOSE_NSFileHandle_IVARS 1
 #import "Foundation/NSData.h"
-#import "Foundation/NSFileHandle.h"
 #import "Foundation/NSException.h"
+#import "Foundation/NSHost.h"
+#import "Foundation/NSFileHandle.h"
 #import "Foundation/NSPathUtilities.h"
 #import "GNUstepBase/NSObject+GNUstepBase.h"
+#import "GNUstepBase/NSString+GNUstepBase.h"
 #import "GSPrivate.h"
 #import "GSNetwork.h"
 
@@ -991,12 +993,33 @@ GSTLSHandlePush(gnutls_transport_ptr_t handle, const void *buffer, size_t len)
 */
 if (nil == session)
 {
+ /* If No value is specified for GSTLSRemoteHosts, make a comma separated
+ * list of all known names for the remote host and use that.
+ */
+ if (nil == [opts objectForKey: GSTLSRemoteHosts])
+ {
+ NSHost *host = [NSHost hostWithAddress: [self socketAddress]];
+ NSString *s = [[host names] description];
+
+ s = [s stringByReplacingString: @"\"" withString: @""];
+ if ([s length] > 1)
+ {
+ s = [s substringWithRange: NSMakeRange(1, [s length] - 2)];
+ }
+ if ([s length] > 0)
+ {
+ NSMutableDictionary *d = [opts mutableCopy];
+
+ [d setObject:s forKey: GSTLSRemoteHosts];
+ ASSIGNCOPY(opts, d);
+ [d release];
+ }
+ }
 session = [[GSTLSSession alloc] initWithOptions: opts
 direction: isOutgoing
 transport: (void*)self
 push: GSTLSHandlePush
- pull: GSTLSHandlePull
- host: nil];
+ pull: GSTLSHandlePull];
 }
 
 if (NO == [session handshake])
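Review bot: With this hunk a missing GSTLSRemoteHosts option goes straight to `names = nil`, which the removed comment describes as disabling host name checking, so the session-level default is now fail-open and nothing in the method says so; the replacement lookup lives only in NSFileHandle.m (last hunk), and the GSSocketStream.m hunk at the top shows no equivalent, so sessions created there keep running without a host name check unless the caller sets the key (as they did before, since that caller passed a nil host). A comment at the branch, e.g. `/* No names supplied: host name checking is disabled. NSFileHandle fills this key in from the peer address; other transports must set it. */`, and a debug-level log line when names ends up nil would make the skipped check visible. The enclosing method starts and ends outside the hunk.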
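Review bot: The name list built under `if (nil == [opts objectForKey: GSTLSRemoteHosts])` comes from a reverse lookup of `[self socketAddress]`, and the answer for an address is controlled by whoever administers that address's reverse zone and the resolver path, not by the party the caller intended to reach, so the peer certificate ends up validated against names the remote side can influence rather than the name the connection was opened with. Prefer the caller-supplied host name when this object knows it, keep the lookup as an explicit fallback, and note in the comment that when the lookup yields nothing the key stays unset and checking is disabled by GSTLSSession (GSTLS.m hunk above), ideally with a debug log at that point. Building the string from `[[host names] description]` and stripping quotes and brackets depends on NSArray's description format and misbehaves for names containing commas or quotes; `NSString *s = [[host names] componentsJoinedByString: @","];` produces the comma separated list the comment promises, assuming GSTLS.m splits the value on commas. The block also runs when isOutgoing is NO, i.e. for accepted connections, which adds a blocking DNS query per connection and checks the client's reverse name — presumably not intended, but the hunk does not show how server sessions use the list.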