gnustep/libs-base
0
0
Fork 0
mirror of https://github.com/gnustep/libs-base.git synced 2025-05-30 16:30:41 +00:00
Code Issues Projects Releases Packages Wiki Activity

Try to honor protocol selection

Browse source 
git-svn-id: svn+ssh://svn.gna.org/svn/gnustep/libs/base/trunk@25878 72102866-910b-0410-8b05-ffd578937521
This commit is contained in:
rfm 2008-01-06 07:39:03 +00:00
parent bf1e04b67d
commit d763e93ea3
2 changed files with 105 additions and 47 deletions
Download patch file Download diff file Expand all files Collapse all files

4
ChangeLog
View file

@ -5,6 +5,10 @@
namespaces in XPath expressions. namespaces in XPath expressions.
* Headers/Additions/GNUstepBase/GSXML.h: Same. * Headers/Additions/GNUstepBase/GSXML.h: Same.
2008-01-05 Richard Frith-Macdonald <rfm@gnu.org>
* Source/GSSocketStream.m: Try to honor protocol requested.
2008-01-05 Richard Frith-Macdonald <rfm@gnu.org> 2008-01-05 Richard Frith-Macdonald <rfm@gnu.org>
* config/pathtls.m4: fixup form mingw32 * config/pathtls.m4: fixup form mingw32

148
Source/GSSocketStream.m
View file

@ -82,6 +82,7 @@ static struct gcry_thread_cbs gcry_threads_other = {
{ {
GSSocketInputStream *input; // Not retained GSSocketInputStream *input; // Not retained
GSSocketOutputStream *output; // Not retained GSSocketOutputStream *output; // Not retained
BOOL initialised;
BOOL handshake; BOOL handshake;
BOOL active; BOOL active;
#if defined(HAVE_GNUTLS) #if defined(HAVE_GNUTLS)
@ -202,22 +203,23 @@ static gnutls_anon_client_credentials_t anoncred;
- (void) bye - (void) bye
{ {
#if defined(HAVE_GNUTLS) #if defined(HAVE_GNUTLS)
if (handshake == NO) if (active == YES || handshake == YES)
{ {
if (active == NO)
{
return;
}
active = NO; active = NO;
handshake = NO;
gnutls_bye (session, GNUTLS_SHUT_RDWR); gnutls_bye (session, GNUTLS_SHUT_RDWR);
} }
gnutls_deinit (session);
#endif /* HAVE_GNUTLS */ #endif /* HAVE_GNUTLS */
} }
- (void) dealloc - (void) dealloc
{ {
[self bye]; [self bye];
#if defined(HAVE_GNUTLS)
gnutls_db_remove_session (session);
gnutls_deinit (session);
gnutls_certificate_free_credentials (&certcred);
#endif /* HAVE_GNUTLS */
[super dealloc]; [super dealloc];
} }
@ -235,47 +237,6 @@ static gnutls_anon_client_credentials_t anoncred;
if (handshake == NO) if (handshake == NO)
{ {
/* Configure this session to support certificate based
* operation.
*/
gnutls_certificate_allocate_credentials (&certcred);
/* FIXME ... should get the trusted authority certificates
* from somewhere sensible to validate the remote end!
*/
gnutls_certificate_set_x509_trust_file
(certcred, "ca.pem", GNUTLS_X509_FMT_PEM);
/* Initialise session and set default priorities foir key exchange.
*/
gnutls_init (&session, GNUTLS_CLIENT);
gnutls_set_default_priority (session);
/*
{
const int kx_prio[] = {
GNUTLS_KX_RSA,
GNUTLS_KX_RSA_EXPORT,
GNUTLS_KX_DHE_RSA,
GNUTLS_KX_DHE_DSS,
GNUTLS_KX_ANON_DH,
0 };
gnutls_kx_set_priority (session, kx_prio);
gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
}
*/
/* Set certificate credentials for this session.
*/
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, certcred);
/* Set transport layer to use our low level stream code.
*/
gnutls_transport_set_lowat (session, 0);
gnutls_transport_set_pull_function (session, GSTLSPull);
gnutls_transport_set_push_function (session, GSTLSPush);
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t)self);
/* Set flag to say we are now doing a handshake. /* Set flag to say we are now doing a handshake.
*/ */
handshake = YES; handshake = YES;
@ -299,8 +260,101 @@ static gnutls_anon_client_credentials_t anoncred;
output: (GSSocketOutputStream*)o output: (GSSocketOutputStream*)o
{ {
#if defined(HAVE_GNUTLS) #if defined(HAVE_GNUTLS)
NSString *proto = [i propertyForKey: NSStreamSocketSecurityLevelKey];
if ([[o propertyForKey: NSStreamSocketSecurityLevelKey] isEqual: proto] == NO)
{
DESTROY(self);
return nil;
}
if ([proto isEqualToString: NSStreamSocketSecurityLevelNone] == YES)
{
proto = NSStreamSocketSecurityLevelNone;
DESTROY(self);
return nil;
}
else if ([proto isEqualToString: NSStreamSocketSecurityLevelSSLv2] == YES)
{
proto = NSStreamSocketSecurityLevelSSLv2;
GSOnceMLog(@"NSStreamSocketSecurityLevelTLSv1 is insecure ..."
@" not implemented");
DESTROY(self);
return nil;
}
else if ([proto isEqualToString: NSStreamSocketSecurityLevelSSLv3] == YES)
{
proto = NSStreamSocketSecurityLevelSSLv3;
}
else if ([proto isEqualToString: NSStreamSocketSecurityLevelTLSv1] == YES)
{
proto = NSStreamSocketSecurityLevelTLSv1;
}
else
{
proto = NSStreamSocketSecurityLevelNegotiatedSSL;
}
input = i; input = i;
output = o; output = o;
initialised = YES;
/* Configure this session to support certificate based
* operation.
*/
gnutls_certificate_allocate_credentials (&certcred);
/* FIXME ... should get the trusted authority certificates
* from somewhere sensible to validate the remote end!
*/
gnutls_certificate_set_x509_trust_file
(certcred, "ca.pem", GNUTLS_X509_FMT_PEM);
/* Initialise session and set default priorities foir key exchange.
*/
gnutls_init (&session, GNUTLS_CLIENT);
gnutls_set_default_priority (session);
if ([proto isEqualToString: NSStreamSocketSecurityLevelTLSv1] == YES)
{
const int proto_prio[4] = {
GNUTLS_TLS1_2,
GNUTLS_TLS1_1,
GNUTLS_TLS1_0,
0 };
gnutls_protocol_set_priority (session, proto_prio);
}
if ([proto isEqualToString: NSStreamSocketSecurityLevelSSLv3] == YES)
{
const int proto_prio[2] = {
GNUTLS_SSL3,
0 };
gnutls_protocol_set_priority (session, proto_prio);
}
/*
{
const int kx_prio[] = {
GNUTLS_KX_RSA,
GNUTLS_KX_RSA_EXPORT,
GNUTLS_KX_DHE_RSA,
GNUTLS_KX_DHE_DSS,
GNUTLS_KX_ANON_DH,
0 };
gnutls_kx_set_priority (session, kx_prio);
gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
}
*/
/* Set certificate credentials for this session.
*/
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, certcred);
/* Set transport layer to use our low level stream code.
*/
gnutls_transport_set_lowat (session, 0);
gnutls_transport_set_pull_function (session, GSTLSPull);
gnutls_transport_set_push_function (session, GSTLSPush);
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t)self);
#else #else
DESTROY(self); DESTROY(self);
#endif /* HAVE_GNUTLS */ #endif /* HAVE_GNUTLS */