Try to honor protocol selection

git-svn-id: svn+ssh://svn.gna.org/svn/gnustep/libs/base/trunk@25878 72102866-910b-0410-8b05-ffd578937521
2025-05-30 16:30:41 +00:00 · 2008-01-06 07:39:03 +00:00 · 2008-01-06 07:39:03 +00:00 · d763e93ea3
commit d763e93ea3
parent bf1e04b67d
2 changed files with 105 additions and 47 deletions
--- a/4
+++ b/4
@ -5,6 +5,10 @@
 	namespaces in XPath expressions.
 	* Headers/Additions/GNUstepBase/GSXML.h: Same.
 	
+2008-01-05  Richard Frith-Macdonald <rfm@gnu.org>
+
+	* Source/GSSocketStream.m: Try to honor protocol requested.
+
 2008-01-05  Richard Frith-Macdonald <rfm@gnu.org>

 	* config/pathtls.m4: fixup form mingw32
--- a/Source/GSSocketStream.m
+++ b/Source/GSSocketStream.m
@ -82,6 +82,7 @@ static struct gcry_thread_cbs gcry_threads_other = {
 {
  GSSocketInputStream   *input;         // Not retained
  GSSocketOutputStream  *output;        // Not retained
+  BOOL                  initialised;
  BOOL                  handshake;
  BOOL                  active;
 #if     defined(HAVE_GNUTLS)
@ -202,22 +203,23 @@ static gnutls_anon_client_credentials_t anoncred;
 - (void) bye
 {
 #if     defined(HAVE_GNUTLS)
-  if (handshake == NO)
+  if (active == YES || handshake == YES)
    {
-      if (active == NO)
-        {
-          return;
-        }
      active = NO;
+      handshake = NO;
      gnutls_bye (session, GNUTLS_SHUT_RDWR);
    }
-  gnutls_deinit (session);
 #endif  /* HAVE_GNUTLS */
 }

 - (void) dealloc
 {
  [self bye];
+#if     defined(HAVE_GNUTLS)
+  gnutls_db_remove_session (session);
+  gnutls_deinit (session);
+  gnutls_certificate_free_credentials (&certcred);
+#endif  /* HAVE_GNUTLS */
  [super dealloc];
 }

@ -235,6 +237,66 @@ static gnutls_anon_client_credentials_t anoncred;

      if (handshake == NO)
        {
+          /* Set flag to say we are now doing a handshake.
+           */
+          handshake = YES;
+        }
+      ret = gnutls_handshake (session);
+      if (ret < 0)
+        {
+          NSDebugMLog(@"NSThread", @"Handshake status %d", ret);
+        }
+      else
+        {
+          handshake = NO;       // Handshake is now complete.
+          active = YES;         // The TLS session is now active.
+        }
+
+#endif  /* HAVE_GNUTLS */
+    }
+}
+
+- (id) initWithInput: (GSSocketInputStream*)i
+              output: (GSSocketOutputStream*)o
+{
+#if     defined(HAVE_GNUTLS)
+  NSString      *proto = [i propertyForKey: NSStreamSocketSecurityLevelKey];
+
+  if ([[o propertyForKey: NSStreamSocketSecurityLevelKey] isEqual: proto] == NO)
+    {
+      DESTROY(self);
+      return nil;
+    }
+  if ([proto isEqualToString: NSStreamSocketSecurityLevelNone] == YES)
+    {
+      proto = NSStreamSocketSecurityLevelNone;
+      DESTROY(self);
+      return nil;
+    }
+  else if ([proto isEqualToString: NSStreamSocketSecurityLevelSSLv2] == YES)
+    {
+      proto = NSStreamSocketSecurityLevelSSLv2;
+      GSOnceMLog(@"NSStreamSocketSecurityLevelTLSv1 is insecure ..."
+        @" not implemented");
+      DESTROY(self);
+      return nil;
+    }
+  else if ([proto isEqualToString: NSStreamSocketSecurityLevelSSLv3] == YES)
+    {
+      proto = NSStreamSocketSecurityLevelSSLv3;
+    }
+  else if ([proto isEqualToString: NSStreamSocketSecurityLevelTLSv1] == YES)
+    {
+      proto = NSStreamSocketSecurityLevelTLSv1;
+    }
+  else
+    {
+      proto = NSStreamSocketSecurityLevelNegotiatedSSL;
+    }
+
+  input = i;
+  output = o;
+  initialised = YES;
  /* Configure this session to support certificate based
   * operation.
   */
@ -251,7 +313,24 @@ static gnutls_anon_client_credentials_t anoncred;
  gnutls_init (&session, GNUTLS_CLIENT);
  gnutls_set_default_priority (session);

-    /*
+  if ([proto isEqualToString: NSStreamSocketSecurityLevelTLSv1] == YES)
+    {
+      const int proto_prio[4] = {
+        GNUTLS_TLS1_2,
+        GNUTLS_TLS1_1,
+        GNUTLS_TLS1_0,
+        0 };
+      gnutls_protocol_set_priority (session, proto_prio);
+    }
+  if ([proto isEqualToString: NSStreamSocketSecurityLevelSSLv3] == YES)
+    {
+      const int proto_prio[2] = {
+        GNUTLS_SSL3,
+        0 };
+      gnutls_protocol_set_priority (session, proto_prio);
+    }
+
+/*
 {
    const int kx_prio[] = {
      GNUTLS_KX_RSA,
@ -276,31 +355,6 @@ static gnutls_anon_client_credentials_t anoncred;
  gnutls_transport_set_push_function (session, GSTLSPush);
  gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t)self);

-          /* Set flag to say we are now doing a handshake.
-           */
-          handshake = YES;
-        }
-      ret = gnutls_handshake (session);
-      if (ret < 0)
-        {
-          NSDebugMLog(@"NSThread", @"Handshake status %d", ret);
-        }
-      else
-        {
-          handshake = NO;       // Handshake is now complete.
-          active = YES;         // The TLS session is now active.
-        }
-
-#endif  /* HAVE_GNUTLS */
-    }
-}
-
- (id) initWithInput: (GSSocketInputStream*)i
-              output: (GSSocketOutputStream*)o
-{
-#if     defined(HAVE_GNUTLS)
-  input = i;
-  output = o;
 #else
  DESTROY(self);
 #endif  /* HAVE_GNUTLS */