gnustep/libs-base
0
0
Fork 0
mirror of https://github.com/gnustep/libs-base.git synced 2025-05-30 16:30:41 +00:00
Code Issues Projects Releases Packages Wiki Activity

Add GSTLSServerName option

Browse source
This commit is contained in:
Richard Frith-Macdonald 2018-05-18 20:26:35 +01:00
parent 09da1e6894
commit ed286536e2
8 changed files with 91 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

19
Headers/Foundation/NSFileHandle.h
View file

@ -287,7 +287,7 @@ GS_EXPORT NSString * const NSFileHandleOperationException;
* be set.<br />
* You may use the same options as property settings with the GNUstep
* implementation of NSStream.<br />
* Expects key value pairs with the follwing names/meanings:
* Expects key value pairs with the following names/meanings:
* <deflist>
* <term>GSTLSCAFile</term>
* <desc>A string identifying the full path to the file containing any
@ -330,6 +330,18 @@ GS_EXPORT NSString * const NSFileHandleOperationException;
* information for certificates issued by our trusted authorites but
* no longer valid.
* </desc>
* <term>GSTLSServerName</term>
* <desc>By default the TLS layer when making an HTTPS request sets the
* 'Server Name Indication' (SNI) to be the name of the host in the URL
* that is being fetched.<br />
* This option allows the SNI to be set for other connections and permits
* overriding of the default behavior for HTTPS requests. Setting the
* value of GSTLSServerName to an empty string will prevent the SNI from
* being sent in the TLS handshake (this is sometimes desirable to prevent
* information leakage; the SNI information is sent unencrypted).<br />
* Some web servers require SNI in order to tell what hostname an HTTPS
* request is for and decide which certificate to present to the client.
* </desc>
* <term>GSTLSVerify</term>
* <desc>A boolean specifying whether we should require the remote end to
* supply a valid certificate in order to establish an encrypted connection.
@ -386,6 +398,11 @@ GS_EXPORT NSString * const GSTLSRemoteHosts;
*/
GS_EXPORT NSString * const GSTLSRevokeFile;
/** Dictionary key for the value controlling the Server Name Indication
* (SNI) sent as part of the TLS handshake.
*/
GS_EXPORT NSString * const GSTLSServerName;
/** Dictionary key for a boolean to enable certificate verification.
*/
GS_EXPORT NSString * const GSTLSVerify;