Lines Matching refs:ctx
65 SSLContext *ctx)
69 dn = ctx->acceptableDNList;
77 ctx->acceptableDNList = NULL;
81 Boolean sslIsSessionActive(const SSLContext *ctx)
83 assert(ctx != NULL);
84 switch(ctx->state) {
224 SSLContextRef ctx;
226 ctx = SSLCreateContextWithRecordFuncs(alloc, protocolSide, connectionType, &SSLRecordLayerInternal);
228 if(ctx==NULL)
231 ctx->recCtx = SSLCreateInternalRecordLayer(connectionType);
232 if(ctx->recCtx==NULL) {
233 CFRelease(ctx);
237 return ctx;
243 SSLContext *ctx = (SSLContext*) _CFRuntimeCreateInstance(alloc, SSLContextGetTypeID(), sizeof(SSLContext) - sizeof(CFRuntimeBase), NULL);
245 if(ctx == NULL) {
250 memset(((uint8_t*) ctx) + sizeof(CFRuntimeBase), 0, sizeof(SSLContext) - sizeof(CFRuntimeBase));
252 ctx->state = SSL_HdskStateUninit;
253 ctx->timeout_duration = DEFAULT_DTLS_TIMEOUT;
254 ctx->clientCertState = kSSLClientCertNone;
256 ctx->minProtocolVersion = MINIMUM_STREAM_VERSION;
257 ctx->maxProtocolVersion = MAXIMUM_STREAM_VERSION;
259 ctx->isDTLS = false;
260 ctx->dtlsCookie.data = NULL;
261 ctx->dtlsCookie.length = 0;
262 ctx->hdskMessageSeq = 0;
263 ctx->hdskMessageSeqNext = 0;
264 ctx->mtu = DEFAULT_DTLS_MTU;
266 ctx->negProtocolVersion = SSL_Version_Undetermined;
269 ctx->protocolSide = protocolSide;
271 ctx->sslTslCalls = &Ssl3Callouts;
273 ctx->recFuncs = recFuncs;
276 ctx->selectedCipher = TLS_NULL_WITH_NULL_NULL;
277 InitCipherSpecParams(ctx);
280 ctx->validCipherSuites = NULL;
281 ctx->numValidCipherSuites = 0;
283 ctx->numValidNonSSLv2Suites = 0;
286 ctx->peerDomainName = NULL;
287 ctx->peerDomainNameLen = 0;
291 serr = attachToAll(ctx);
298 ctx->enableCertVerify = true;
301 ctx->rsaBlindingEnable = true;
304 ctx->oneByteRecordEnable = false;
307 ctx->allowServerIdentityChange = false;
316 ctx->oneByteRecordEnable = true;
318 ctx->allowServerIdentityChange = true;
321 ctx->anonCipherEnable = false;
323 ctx->breakOnServerAuth = false;
324 ctx->breakOnCertRequest = false;
325 ctx->breakOnClientAuth = false;
326 ctx->signalServerAuth = false;
327 ctx->signalCertRequest = false;
328 ctx->signalClientAuth = false;
333 ctx->ecdhNumCurves = SSL_ECDSA_NUM_CURVES;
334 ctx->ecdhCurves[0] = SSL_Curve_secp256r1;
335 ctx->ecdhCurves[1] = SSL_Curve_secp384r1;
336 ctx->ecdhCurves[2] = SSL_Curve_secp521r1;
338 ctx->ecdhPeerCurve = SSL_Curve_None; /* until we negotiate one */
339 ctx->negAuthType = SSLClientAuthNone; /* ditto */
341 ctx->messageWriteQueue = NULL;
344 ctx->minProtocolVersion = MINIMUM_DATAGRAM_VERSION;
345 ctx->maxProtocolVersion = MAXIMUM_DATAGRAM_VERSION;
346 ctx->isDTLS = true;
349 ctx->secure_renegotiation = false;
352 CFRelease(ctx);
353 ctx = NULL;
355 return ctx;
387 SSLContext* ctx = (SSLContext*) arg;
389 if (ctx == NULL) {
392 CFStringRef result = CFStringCreateWithFormat(kCFAllocatorDefault, NULL, CFSTR("<SSLContext(%p) { ... }>"), ctx);
409 SSLContext* ctx = (SSLContext*) arg;
412 sslDeleteCertificateChain(ctx->localCert, ctx);
413 sslDeleteCertificateChain(ctx->encryptCert, ctx);
414 sslDeleteCertificateChain(ctx->peerCert, ctx);
415 ctx->localCert = ctx->encryptCert = ctx->peerCert = NULL;
417 CFReleaseNull(ctx->localCert);
418 CFReleaseNull(ctx->encryptCert);
419 CFReleaseNull(ctx->peerCert);
420 CFReleaseNull(ctx->trustedCerts);
424 SSLResetFlight(ctx);
426 if(ctx->peerSecTrust) {
427 CFRelease(ctx->peerSecTrust);
428 ctx->peerSecTrust = NULL;
430 SSLFreeBuffer(&ctx->sessionTicket);
433 SSLFreeBuffer(&ctx->dhParamsEncoded);
435 sslFreeKey(ctx->cspHand, &ctx->dhPrivate, NULL);
437 if (ctx->secDHContext)
438 SecDHDestroy(ctx->secDHContext);
440 SSLFreeBuffer(&ctx->dhPeerPublic);
441 SSLFreeBuffer(&ctx->dhExchangePublic);
444 SSLFreeBuffer(&ctx->ecdhPeerPublic);
445 SSLFreeBuffer(&ctx->ecdhExchangePublic);
447 if(ctx->ecdhPrivCspHand == ctx->cspHand) {
448 sslFreeKey(ctx->ecdhPrivCspHand, &ctx->ecdhPrivate, NULL);
454 if(ctx->recFuncs==&SSLRecordLayerInternal)
455 SSLDestroyInternalRecordLayer(ctx->recCtx);
457 CloseHash(&SSLHashSHA1, &ctx->shaState);
458 CloseHash(&SSLHashMD5, &ctx->md5State);
459 CloseHash(&SSLHashSHA256, &ctx->sha256State);
460 CloseHash(&SSLHashSHA384, &ctx->sha512State);
462 SSLFreeBuffer(&ctx->sessionID);
463 SSLFreeBuffer(&ctx->peerID);
464 SSLFreeBuffer(&ctx->resumableSession);
465 SSLFreeBuffer(&ctx->preMasterSecret);
466 SSLFreeBuffer(&ctx->fragmentedMessageCache);
467 SSLFreeBuffer(&ctx->receivedDataBuffer);
469 if(ctx->peerDomainName) {
470 sslFree(ctx->peerDomainName);
471 ctx->peerDomainName = NULL;
472 ctx->peerDomainNameLen = 0;
475 sslFree(ctx->validCipherSuites);
476 ctx->validCipherSuites = NULL;
477 ctx->numValidCipherSuites = 0;
489 sslFreeKey(ctx->cspHand, &ctx->signingPubKey, NULL);
490 sslFreeKey(ctx->cspHand, &ctx->encryptPubKey, NULL);
491 sslFreeKey(ctx->peerPubKeyCsp, &ctx->peerPubKey, NULL);
493 if(ctx->signingPrivKeyRef) {
494 CFRelease(ctx->signingPrivKeyRef);
496 if(ctx->encryptPrivKeyRef) {
497 CFRelease(ctx->encryptPrivKeyRef);
499 if(ctx->trustedCerts) {
500 CFRelease(ctx->trustedCerts);
502 detachFromAll(ctx);
504 sslFreePubKey(&ctx->signingPubKey);
505 sslFreePubKey(&ctx->encryptPubKey);
506 sslFreePubKey(&ctx->peerPubKey);
507 sslFreePrivKey(&ctx->signingPrivKeyRef);
508 sslFreePrivKey(&ctx->encryptPrivKeyRef);
510 CFReleaseSafe(ctx->acceptableCAs);
511 CFReleaseSafe(ctx->trustedLeafCerts);
512 CFReleaseSafe(ctx->localCertArray);
513 CFReleaseSafe(ctx->encryptCertArray);
514 CFReleaseSafe(ctx->encryptCertArray);
515 if(ctx->clientAuthTypes) {
516 sslFree(ctx->clientAuthTypes);
518 if(ctx->serverSigAlgs != NULL) {
519 sslFree(ctx->serverSigAlgs);
521 if(ctx->clientSigAlgs != NULL) {
522 sslFree(ctx->clientSigAlgs);
524 sslFreeDnList(ctx);
526 SSLFreeBuffer(&ctx->ownVerifyData);
527 SSLFreeBuffer(&ctx->peerVerifyData);
529 SSLFreeBuffer(&ctx->pskIdentity);
530 SSLFreeBuffer(&ctx->pskSharedSecret);
532 memset(((uint8_t*) ctx) + sizeof(CFRuntimeBase), 0, sizeof(SSLContext) - sizeof(CFRuntimeBase));
656 SSLSetRecordContext (SSLContextRef ctx,
659 if(ctx == NULL) {
662 if(sslIsSessionActive(ctx)) {
666 ctx->recCtx = recCtx;
683 SSLContextRef ctx = connection;
686 rc = ctx->ioCtx.read(ctx->ioCtx.ioRef, data, dataLength);
701 SSLContextRef ctx = connection;
703 rc = ctx->ioCtx.write(ctx->ioCtx.ioRef, data, dataLength);
714 SSLSetIOFuncs (SSLContextRef ctx,
718 if(ctx == NULL) {
721 if(ctx->recFuncs!=&SSLRecordLayerInternal) {
726 if(sslIsSessionActive(ctx)) {
731 ctx->ioCtx.read=readFunc;
732 ctx->ioCtx.write=writeFunc;
734 return SSLSetInternalRecordLayerIOFuncs(ctx->recCtx, IORead, IOWrite);
738 SSLSetConnection (SSLContextRef ctx,
741 if(ctx == NULL) {
744 if(ctx->recFuncs!=&SSLRecordLayerInternal) {
749 if(sslIsSessionActive(ctx)) {
755 ctx->ioCtx.ioRef = connection;
757 return SSLSetInternalRecordLayerConnection(ctx->recCtx, ctx);
761 SSLGetConnection (SSLContextRef ctx,
764 if((ctx == NULL) || (connection == NULL)) {
767 *connection = ctx->ioCtx.ioRef;
772 SSLSetPeerDomainName (SSLContextRef ctx,
776 if(ctx == NULL) {
779 if(sslIsSessionActive(ctx)) {
785 if(ctx->peerDomainName) {
786 sslFree(ctx->peerDomainName);
790 ctx->peerDomainName = (char *)sslMalloc(peerNameLen);
791 if(ctx->peerDomainName == NULL) {
794 memmove(ctx->peerDomainName, peerName, peerNameLen);
795 ctx->peerDomainNameLen = peerNameLen;
803 SSLGetPeerDomainNameLength (SSLContextRef ctx,
806 if(ctx == NULL) {
809 *peerNameLen = ctx->peerDomainNameLen;
814 SSLGetPeerDomainName (SSLContextRef ctx,
818 if(ctx == NULL) {
821 if(*peerNameLen < ctx->peerDomainNameLen) {
824 memmove(peerName, ctx->peerDomainName, ctx->peerDomainNameLen);
825 *peerNameLen = ctx->peerDomainNameLen;
830 SSLSetDatagramHelloCookie (SSLContextRef ctx,
836 if(ctx == NULL) {
840 if(!ctx->isDTLS) return errSecParam;
842 if((ctx == NULL) || (cookieLen>32)) {
845 if(sslIsSessionActive(ctx)) {
851 if(ctx->dtlsCookie.data) {
852 SSLFreeBuffer(&ctx->dtlsCookie);
856 if((err=SSLAllocBuffer(&ctx->dtlsCookie, cookieLen)))
859 memmove(ctx->dtlsCookie.data, cookie, cookieLen);
864 SSLSetMaxDatagramRecordSize (SSLContextRef ctx,
868 if(ctx == NULL) return errSecParam;
869 if(!ctx->isDTLS) return errSecParam;
872 ctx->mtu = maxSize;
878 SSLGetMaxDatagramRecordSize (SSLContextRef ctx,
881 if(ctx == NULL) return errSecParam;
882 if(!ctx->isDTLS) return errSecParam;
884 *maxSize = ctx->mtu;
907 SSLGetDatagramWriteSize (SSLContextRef ctx,
910 if(ctx == NULL) return errSecParam;
911 if(!ctx->isDTLS) return errSecParam;
914 size_t max_fragment_size = ctx->mtu-13; /* 13 = dtls record header */
916 SSLCipherSpecParams *currCipher = &ctx->selectedCipherSpecParams;
932 assert(max_fragment_size<ctx->mtu);
970 SSLSetProtocolVersionMin (SSLContextRef ctx,
973 if(ctx == NULL) return errSecParam;
976 if (ctx->isDTLS) {
980 if (version < ctx->maxProtocolVersion)
981 ctx->maxProtocolVersion = version;
985 if (version > ctx->maxProtocolVersion)
986 ctx->maxProtocolVersion = version;
988 ctx->minProtocolVersion = version;
994 SSLGetProtocolVersionMin (SSLContextRef ctx,
997 if(ctx == NULL) return errSecParam;
999 *minVersion = SSLProtocolVersionToProtocol(ctx->minProtocolVersion);
1004 SSLSetProtocolVersionMax (SSLContextRef ctx,
1007 if(ctx == NULL) return errSecParam;
1010 if (ctx->isDTLS) {
1014 if (version > ctx->minProtocolVersion)
1015 ctx->minProtocolVersion = version;
1019 if (version < ctx->minProtocolVersion)
1020 ctx->minProtocolVersion = version;
1022 ctx->maxProtocolVersion = version;
1028 SSLGetProtocolVersionMax (SSLContextRef ctx,
1031 if(ctx == NULL) return errSecParam;
1033 *maxVersion = SSLProtocolVersionToProtocol(ctx->maxProtocolVersion);
1040 SSLSetProtocolVersionEnabled(SSLContextRef ctx,
1044 if(ctx == NULL) {
1047 if(sslIsSessionActive(ctx) || ctx->isDTLS) {
1053 ctx->minProtocolVersion = MINIMUM_STREAM_VERSION;
1054 ctx->maxProtocolVersion = MAXIMUM_STREAM_VERSION;
1056 ctx->minProtocolVersion = SSL_Version_Undetermined;
1057 ctx->maxProtocolVersion = SSL_Version_Undetermined;
1065 if (version > ctx->maxProtocolVersion) {
1066 ctx->maxProtocolVersion = version;
1067 if (ctx->minProtocolVersion == SSL_Version_Undetermined)
1068 ctx->minProtocolVersion = version;
1070 if (version < ctx->minProtocolVersion) {
1071 ctx->minProtocolVersion = version;
1100 ctx->minProtocolVersion = max(ctx->minProtocolVersion, nextVersion);
1101 if (ctx->minProtocolVersion > ctx->maxProtocolVersion) {
1102 ctx->minProtocolVersion = SSL_Version_Undetermined;
1103 ctx->maxProtocolVersion = SSL_Version_Undetermined;
1112 SSLGetProtocolVersionEnabled(SSLContextRef ctx,
1116 if(ctx == NULL) {
1119 if(ctx->isDTLS) {
1131 *enable = (ctx->minProtocolVersion <= version
1132 && ctx->maxProtocolVersion >= version);
1136 *enable = (ctx->minProtocolVersion <= MINIMUM_STREAM_VERSION
1137 && ctx->maxProtocolVersion >= MAXIMUM_STREAM_VERSION);
1147 SSLSetProtocolVersion (SSLContextRef ctx,
1150 if(ctx == NULL) {
1153 if(sslIsSessionActive(ctx) || ctx->isDTLS) {
1161 ctx->minProtocolVersion = MINIMUM_STREAM_VERSION;
1162 ctx->maxProtocolVersion = SSL_Version_3_0;
1165 ctx->minProtocolVersion = SSL_Version_3_0;
1166 ctx->maxProtocolVersion = SSL_Version_3_0;
1170 ctx->minProtocolVersion = MINIMUM_STREAM_VERSION;
1171 ctx->maxProtocolVersion = TLS_Version_1_0;
1174 ctx->minProtocolVersion = TLS_Version_1_0;
1175 ctx->maxProtocolVersion = TLS_Version_1_0;
1180 ctx->minProtocolVersion = MINIMUM_STREAM_VERSION;
1181 ctx->maxProtocolVersion = TLS_Version_1_1;
1188 ctx->minProtocolVersion = MINIMUM_STREAM_VERSION;
1189 ctx->maxProtocolVersion = MAXIMUM_STREAM_VERSION;
1200 SSLGetProtocolVersion (SSLContextRef ctx,
1203 if(ctx == NULL) {
1208 if (ctx->maxProtocolVersion == MAXIMUM_STREAM_VERSION) {
1209 if(ctx->minProtocolVersion == MINIMUM_STREAM_VERSION) {
1214 } else if (ctx->maxProtocolVersion == TLS_Version_1_1) {
1215 if(ctx->minProtocolVersion == MINIMUM_STREAM_VERSION) {
1220 } else if (ctx->maxProtocolVersion == TLS_Version_1_0) {
1221 if(ctx->minProtocolVersion == MINIMUM_STREAM_VERSION) {
1225 } else if(ctx->minProtocolVersion == TLS_Version_1_0) {
1228 } else if(ctx->maxProtocolVersion == SSL_Version_3_0) {
1229 if(ctx->minProtocolVersion == MINIMUM_STREAM_VERSION) {
1241 SSLGetNegotiatedProtocolVersion (SSLContextRef ctx,
1244 if(ctx == NULL) {
1247 *protocol = SSLProtocolVersionToProtocol(ctx->negProtocolVersion);
1252 SSLSetEnableCertVerify (SSLContextRef ctx,
1255 if(ctx == NULL) {
1260 if(sslIsSessionActive(ctx)) {
1264 ctx->enableCertVerify = enableVerify;
1269 SSLGetEnableCertVerify (SSLContextRef ctx,
1272 if(ctx == NULL) {
1275 *enableVerify = ctx->enableCertVerify;
1280 SSLSetAllowsExpiredCerts(SSLContextRef ctx,
1283 if(ctx == NULL) {
1288 if(sslIsSessionActive(ctx)) {
1292 ctx->allowExpiredCerts = allowExpired;
1297 SSLGetAllowsExpiredCerts (SSLContextRef ctx,
1300 if(ctx == NULL) {
1303 *allowExpired = ctx->allowExpiredCerts;
1308 SSLSetAllowsExpiredRoots(SSLContextRef ctx,
1311 if(ctx == NULL) {
1316 if(sslIsSessionActive(ctx)) {
1320 ctx->allowExpiredRoots = allowExpired;
1325 SSLGetAllowsExpiredRoots (SSLContextRef ctx,
1328 if(ctx == NULL) {
1331 *allowExpired = ctx->allowExpiredRoots;
1336 SSLContextRef ctx,
1339 if(ctx == NULL) {
1343 ctx->allowAnyRoot = anyRoot;
1349 SSLContextRef ctx,
1352 if(ctx == NULL) {
1355 *anyRoot = ctx->allowAnyRoot;
1362 SSLContextRef ctx,
1367 ctx->peerDomainName,
1368 (uint32_t)ctx->peerDomainNameLen,
1369 (ctx->protocolSide == kSSLServerSide) ?
1377 SSLSetTrustedRoots (SSLContextRef ctx,
1382 if(ctx == NULL) {
1385 if(sslIsSessionActive(ctx)) {
1394 CFReleaseSafe(ctx->trustedCerts);
1395 ctx->trustedCerts = trustedRoots;
1402 if(ctx->trustedCerts != NULL) {
1404 existingRoots = ctx->trustedCerts;
1408 ortn = sslDefaultSystemRoots(ctx, &existingRoots);
1420 ctx->trustedCerts = newRoots;
1424 if (sslIsSessionActive(ctx)) {
1432 ctx->trustedCertsOnly = true;
1433 CFReleaseNull(ctx->trustedCerts);
1436 if (ctx->trustedCerts) {
1439 CFArrayAppendArray(ctx->trustedCerts, trustedRoots, range);
1441 require(ctx->trustedCerts =
1454 SSLCopyTrustedRoots (SSLContextRef ctx,
1457 if(ctx == NULL || trustedRoots == NULL) {
1460 if(ctx->trustedCerts != NULL) {
1461 *trustedRoots = ctx->trustedCerts;
1462 CFRetain(ctx->trustedCerts);
1467 return sslDefaultSystemRoots(ctx, trustedRoots);
1475 SSLSetTrustedLeafCertificates (SSLContextRef ctx,
1478 if(ctx == NULL) {
1481 if(sslIsSessionActive(ctx)) {
1486 if(ctx->trustedLeafCerts) {
1487 CFRelease(ctx->trustedLeafCerts);
1489 ctx->trustedLeafCerts = trustedCerts;
1495 SSLCopyTrustedLeafCertificates (SSLContextRef ctx,
1498 if(ctx == NULL) {
1501 if(ctx->trustedLeafCerts != NULL) {
1502 *trustedCerts = ctx->trustedLeafCerts;
1503 CFRetain(ctx->trustedCerts);
1511 SSLSetClientSideAuthenticate (SSLContext *ctx,
1514 if(ctx == NULL) {
1517 if(sslIsSessionActive(ctx)) {
1521 ctx->clientAuth = auth;
1524 ctx->tryClientAuth = false;
1528 ctx->tryClientAuth = true;
1535 SSLGetClientSideAuthenticate (SSLContext *ctx,
1538 if(ctx == NULL || auth == NULL) {
1541 *auth = ctx->clientAuth;
1546 SSLGetClientCertificateState (SSLContextRef ctx,
1549 if(ctx == NULL) {
1552 *clientState = ctx->clientCertState;
1557 SSLSetCertificate (SSLContextRef ctx,
1562 * -- Get raw cert data, convert to ctx->localCert
1566 if(ctx == NULL) {
1571 if(sslIsSessionActive(ctx) &&
1573 (ctx->clientCertState != kSSLClientCertRequested))
1577 CFReleaseNull(ctx->localCertArray);
1579 ctx->negAuthType = SSLClientAuthNone;
1583 OSStatus ortn = parseIncomingCerts(ctx,
1585 &ctx->localCert,
1586 &ctx->signingPubKey,
1587 &ctx->signingPrivKeyRef,
1588 &ctx->ourSignerAlg);
1590 ctx->localCertArray = certRefs;
1593 ortn = SSLUpdateNegotiatedClientAuthType(ctx);
1599 SSLSetEncryptionCertificate (SSLContextRef ctx,
1604 * -- Get raw cert data, convert to ctx->encryptCert
1608 if(ctx == NULL) {
1611 if(sslIsSessionActive(ctx)) {
1615 CFReleaseNull(ctx->encryptCertArray);
1616 OSStatus ortn = parseIncomingCerts(ctx,
1618 &ctx->encryptCert,
1619 &ctx->encryptPubKey,
1620 &ctx->encryptPrivKeyRef,
1623 ctx->encryptCertArray = certRefs;
1629 OSStatus SSLGetCertificate(SSLContextRef ctx,
1632 if(ctx == NULL) {
1635 *certRefs = ctx->localCertArray;
1639 OSStatus SSLGetEncryptionCertificate(SSLContextRef ctx,
1642 if(ctx == NULL) {
1645 *certRefs = ctx->encryptCertArray;
1650 SSLSetPeerID (SSLContext *ctx,
1657 if((ctx == NULL) ||
1662 if(sslIsSessionActive(ctx) &&
1664 (ctx->clientCertState != kSSLClientCertRequested))
1668 SSLFreeBuffer(&ctx->peerID);
1669 serr = SSLAllocBuffer(&ctx->peerID, peerIDLen);
1673 memmove(ctx->peerID.data, peerID, peerIDLen);
1678 SSLGetPeerID (SSLContextRef ctx,
1682 *peerID = ctx->peerID.data; // may be NULL
1683 *peerIDLen = ctx->peerID.length;
1688 SSLGetNegotiatedCipher (SSLContextRef ctx,
1691 if(ctx == NULL) {
1694 if(!sslIsSessionActive(ctx)) {
1697 *cipherSuite = (SSLCipherSuite)ctx->selectedCipher;
1706 SSLContextRef ctx,
1713 if(ctx == NULL) {
1716 if(sslIsSessionActive(ctx)) {
1727 dn->next = ctx->acceptableDNList;
1728 ctx->acceptableDNList = dn;
1734 sslAddCA(SSLContextRef ctx,
1751 if(ctx->acceptableCAs == NULL) {
1752 require(ctx->acceptableCAs = CFArrayCreateMutable(NULL, 0,
1754 if(ctx->acceptableCAs == NULL) {
1758 CFArrayAppendValue(ctx->acceptableCAs, cert);
1762 ortn = SSLAddDistinguishedName(ctx,
1766 ortn = SSLAddDistinguishedName(ctx, subjectName->Data, subjectName->Length);
1782 SSLSetCertificateAuthorities(SSLContextRef ctx,
1789 if((ctx == NULL) || sslIsSessionActive(ctx) ||
1790 (ctx->protocolSide != kSSLServerSide)) {
1794 sslFreeDnList(ctx);
1795 if(ctx->acceptableCAs) {
1796 CFRelease(ctx->acceptableCAs);
1797 ctx->acceptableCAs = NULL;
1805 ortn = sslAddCA(ctx, (SecCertificateRef)certificateOrArray);
1818 ortn = sslAddCA(ctx, cert);
1838 SSLCopyCertificateAuthorities(SSLContextRef ctx,
1841 if((ctx == NULL) || (certificates == NULL)) {
1844 if(ctx->acceptableCAs == NULL) {
1848 *certificates = ctx->acceptableCAs;
1849 CFRetain(ctx->acceptableCAs);
1861 SSLCopyDistinguishedNames (SSLContextRef ctx,
1867 if((ctx == NULL) || (names == NULL)) {
1870 if(ctx->acceptableDNList == NULL) {
1875 dn = ctx->acceptableDNList;
1894 sslCopyPeerCertificates (SSLContextRef ctx,
1898 if(ctx == NULL) {
1917 numCerts = SSLGetCertificateChainLength(ctx->peerCert);
1930 scert = ctx->peerCert;
1954 if (!ctx->peerCert) {
1959 CFArrayRef ca = CFArrayCreateCopy(kCFAllocatorDefault, ctx->peerCert);
1977 SSLCopyPeerCertificates (SSLContextRef ctx,
1980 return sslCopyPeerCertificates(ctx, certs, false);
1987 SSLGetPeerCertificates (SSLContextRef ctx,
1990 SSLGetPeerCertificates (SSLContextRef ctx,
1993 return sslCopyPeerCertificates(ctx, certs, true);
2004 SSLContextRef ctx,
2009 if(ctx == NULL) {
2012 if(sslIsSessionActive(ctx)) {
2015 SSLFreeBuffer(&ctx->dhParamsEncoded);
2017 if (ctx->secDHContext)
2018 SecDHDestroy(ctx->secDHContext);
2023 &ctx->dhParamsEncoded);
2035 SSLContextRef ctx,
2040 if(ctx == NULL) {
2043 *dhParams = ctx->dhParamsEncoded.data;
2044 *dhParamsLen = ctx->dhParamsEncoded.length;
2052 SSLContextRef ctx,
2055 if(ctx == NULL) {
2058 ctx->rsaBlindingEnable = blinding;
2063 SSLContextRef ctx,
2066 if(ctx == NULL) {
2069 *blinding = ctx->rsaBlindingEnable;
2075 SSLContextRef ctx,
2079 if (ctx == NULL || trust == NULL)
2084 if (!ctx->peerSecTrust && ctx->peerCert) {
2085 status = sslCreateSecTrust(ctx, ctx->peerCert, true,
2086 &ctx->peerSecTrust);
2089 *trust = ctx->peerSecTrust;
2090 if (ctx->peerSecTrust)
2091 CFRetain(ctx->peerSecTrust);
2097 SSLContextRef ctx,
2101 if (ctx == NULL || trust == NULL)
2106 if (!ctx->peerSecTrust && ctx->peerCert) {
2107 status = sslCreateSecTrust(ctx, ctx->peerCert, true,
2108 &ctx->peerSecTrust);
2111 *trust = ctx->peerSecTrust;
2116 SSLContextRef ctx,
2120 if((ctx == NULL) || (secret == NULL) || (secretSize == NULL)) {
2126 memmove(secret, ctx->masterSecret, SSL_MASTER_SECRET_SIZE);
2132 SSLContextRef ctx,
2136 if((ctx == NULL) || (randBuf == NULL) || (randSize == NULL)) {
2142 memmove(randBuf, ctx->serverRandom, SSL_CLIENT_SRVR_RAND_SIZE);
2148 SSLContextRef ctx,
2152 if((ctx == NULL) || (randBuf == NULL) || (randSize == NULL)) {
2158 memmove(randBuf, ctx->clientRandom, SSL_CLIENT_SRVR_RAND_SIZE);
2165 SSLContextRef ctx,
2172 if((ctx == NULL) || (digestSize == NULL) ||
2176 currCipher = &ctx->selectedCipherSpecParams;
2185 SSLContextRef ctx,
2190 if((ctx == NULL) || (sessionWasResumed == NULL) ||
2195 if(ctx->sessionMatch) {
2197 if(ctx->sessionID.length > *sessionIDLength) {
2201 if(ctx->sessionID.length) {
2206 memmove(sessionID, ctx->sessionID.data, ctx->sessionID.length);
2208 *sessionIDLength = ctx->sessionID.length;
2222 SSLContextRef ctx,
2225 if(ctx == NULL) {
2228 if(sslIsSessionActive(ctx)) {
2231 if(ctx->validCipherSuites != NULL) {
2235 ctx->anonCipherEnable = enable;
2241 SSLContextRef ctx,
2244 if((ctx == NULL) || (enable == NULL)) {
2247 if(sslIsSessionActive(ctx)) {
2250 *enable = ctx->anonCipherEnable;
2260 SSLContextRef ctx,
2263 if(ctx == NULL) {
2266 ctx->sessionCacheTimeout = timeoutInSeconds;
2276 SSLContextRef ctx,
2280 if(ctx == NULL) {
2283 ctx->masterSecretCallback = mFunc;
2284 ctx->masterSecretArg = arg;
2302 SSLContextRef ctx,
2306 if(ctx == NULL) {
2309 if(sslIsSessionActive(ctx)) {
2317 SSLFreeBuffer(&ctx->sessionTicket);
2318 return SSLCopyBufferFromData(ticket, ticketLength, &ctx->sessionTicket);
2330 SSLContextRef ctx,
2333 if((ctx == NULL) || (namedCurve == NULL)) {
2336 if(ctx->ecdhPeerCurve == SSL_Curve_None) {
2339 *namedCurve = ctx->ecdhPeerCurve;
2347 SSLContextRef ctx,
2350 if((ctx == NULL) || (numCurves == NULL)) {
2353 *numCurves = ctx->ecdhNumCurves;
2361 SSLContextRef ctx,
2365 if((ctx == NULL) || (namedCurves == NULL) || (numCurves == NULL)) {
2368 if(*numCurves < ctx->ecdhNumCurves) {
2371 memmove(namedCurves, ctx->ecdhCurves,
2372 (ctx->ecdhNumCurves * sizeof(SSL_ECDSA_NamedCurve)));
2373 *numCurves = ctx->ecdhNumCurves;
2381 SSLContextRef ctx,
2385 if((ctx == NULL) || (namedCurves == NULL) || (numCurves == 0)) {
2391 if(sslIsSessionActive(ctx)) {
2395 memmove(ctx->ecdhCurves, namedCurves, (numCurves * sizeof(SSL_ECDSA_NamedCurve)));
2396 ctx->ecdhNumCurves = numCurves;
2407 SSLContextRef ctx,
2410 if((ctx == NULL) || (ctx->clientCertState == kSSLClientCertNone)) {
2413 *numTypes = ctx->numAuthTypes;
2425 SSLContextRef ctx,
2429 if((ctx == NULL) || (ctx->clientCertState == kSSLClientCertNone)) {
2432 memmove(authTypes, ctx->clientAuthTypes,
2433 ctx->numAuthTypes * sizeof(SSLClientAuthenticationType));
2434 *numTypes = ctx->numAuthTypes;
2444 SSLContextRef ctx,
2447 if(ctx == NULL) {
2450 *authType = ctx->negAuthType;
2465 SSLContextRef ctx)
2467 if(ctx == NULL) {
2475 ctx->x509Requested = 0;
2476 ctx->negAuthType = SSLClientAuthNone;
2477 if(ctx->signingPrivKeyRef != NULL) {
2478 CFIndex ourKeyAlg = sslPubKeyGetAlgorithmID(ctx->signingPubKey);
2480 for(i=0; i<ctx->numAuthTypes; i++) {
2481 switch(ctx->clientAuthTypes[i]) {
2484 ctx->x509Requested = 1;
2485 ctx->negAuthType = SSLClientAuth_RSASign;
2495 (ctx->ourSignerAlg == kSecECDSAAlgorithmID)) {
2496 ctx->x509Requested = 1;
2497 ctx->negAuthType = ctx->clientAuthTypes[i];
2504 (ctx->ourSignerAlg == kSecRSAAlgorithmID)) {
2505 ctx->x509Requested = 1;
2506 ctx->negAuthType = SSLClientAuth_RSAFixedECDH;
2514 if(ctx->x509Requested) {
2515 sslLogNegotiateDebug("===CHOOSING authType %d", (int)ctx->negAuthType);
2525 SSLContextRef ctx,
2528 if((ctx == NULL) || (ctx->clientCertState == kSSLClientCertNone)) {
2531 *numSigAlgs = ctx->numServerSigAlgs;
2536 SSLContextRef ctx,
2540 if((ctx == NULL) || (ctx->clientCertState == kSSLClientCertNone)) {
2543 memmove(sigAlgs, ctx->serverSigAlgs,
2544 ctx->numServerSigAlgs * sizeof(SSLSignatureAndHashAlgorithm));
2545 *numSigAlgs = ctx->numServerSigAlgs;
2550 OSStatus SSLSetPSKSharedSecret(SSLContextRef ctx,
2554 if(ctx == NULL) return errSecParam;
2556 if(ctx->pskSharedSecret.data)
2557 SSLFreeBuffer(&ctx->pskSharedSecret);
2559 if(SSLCopyBufferFromData(secret, secretLen, &ctx->pskSharedSecret))
2565 OSStatus SSLSetPSKIdentity(SSLContextRef ctx,
2569 if((ctx == NULL) || (pskIdentity == NULL) || (pskIdentityLen == 0)) return errSecParam;
2571 if(ctx->pskIdentity.data)
2572 SSLFreeBuffer(&ctx->pskIdentity);
2574 if(SSLCopyBufferFromData(pskIdentity, pskIdentityLen, &ctx->pskIdentity))
2581 OSStatus SSLGetPSKIdentity(SSLContextRef ctx,
2585 if((ctx == NULL) || (pskIdentity == NULL) || (pskIdentityLen == NULL)) return errSecParam;
2587 *pskIdentity=ctx->pskIdentity.data;
2588 *pskIdentityLen=ctx->pskIdentity.length;
2610 SSLContext *ctx)
2615 assert(ctx != NULL);