AppleTLS: Use newer, non-deprecated API in 10.8+

pull/220/merge
Nils Maier 2014-03-27 19:54:56 +01:00
parent 7600886d3d
commit 2d9bf0f374
1 changed files with 26 additions and 2 deletions


@ -45,7 +45,10 @@
#define ioErr -36 #define ioErr -36
#define paramErr -50 #define paramErr -50
#ifndef errSSLServerAuthCompleted
#define errSSLServerAuthCompleted -9841 #define errSSLServerAuthCompleted -9841
#endif
namespace { namespace {
#if !defined(__MAC_10_8) #if !defined(__MAC_10_8)
@ -298,8 +301,17 @@ AppleTLSSession::AppleTLSSession(AppleTLSContext* ctx)
lastError_(noErr), lastError_(noErr),
writeBuffered_(0) writeBuffered_(0)
{ {
lastError_ = SSLNewContext(ctx->getSide() == TLS_SERVER, &sslCtx_) == noErr; #if defined(__MAC_10_8)
if (lastError_ == noErr) { sslCtx_ = SSLCreateContext(
nullptr,
ctx->getSide() == TLS_SERVER ? kSSLServerSide : kSSLClientSide,
kSSLStreamType
);
lastError_ = sslCtx_ ? noErr : paramErr;
#else
lastError_ = SSLNewContext(ctx->getSide() == TLS_SERVER, &sslCtx_);
#endif
if (lastError_ != noErr) {
state_ = st_error; state_ = st_error;
return; return;
} }
@ -314,7 +326,15 @@ AppleTLSSession::AppleTLSSession(AppleTLSContext* ctx)
(void)SSLSetProtocolVersionEnabled(sslCtx_, kTLSProtocol12, true); (void)SSLSetProtocolVersionEnabled(sslCtx_, kTLSProtocol12, true);
#endif #endif
#if defined(__MAC_10_8)
if (!ctx->getVerifyPeer()) {
// This disables client verification
(void)SSLSetSessionOption(sslCtx_, kSSLSessionOptionBreakOnServerAuth, true);
}
#else
(void)SSLSetEnableCertVerify(sslCtx_, ctx->getVerifyPeer()); (void)SSLSetEnableCertVerify(sslCtx_, ctx->getVerifyPeer());
#endif
#ifndef CIPHER_ENABLE_ALL #ifndef CIPHER_ENABLE_ALL
SSLCipherSuiteList enabled = constructEnabledSuites(sslCtx_); SSLCipherSuiteList enabled = constructEnabledSuites(sslCtx_);
@ -372,7 +392,11 @@ AppleTLSSession::~AppleTLSSession()
{ {
closeConnection(); closeConnection();
if (sslCtx_) { if (sslCtx_) {
#if defined(__MAC_10_8)
CFRelease(sslCtx_);
#else
SSLDisposeContext(sslCtx_); SSLDisposeContext(sslCtx_);
#endif
sslCtx_ = nullptr; sslCtx_ = nullptr;
} }
state_ = st_error; state_ = st_error;
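Review bot: The comment in the third hunk's 10.8+ branch, "This disables client verification", misdescribes `kSSLSessionOptionBreakOnServerAuth`: the option turns off Secure Transport's automatic evaluation of the server's certificate chain, so it only has an effect when this end is the client. A more accurate comment would be `// Skip the built-in server certificate check; SSLHandshake then returns errSSLServerAuthCompleted and must be called again`. The pre-10.8 call `SSLSetEnableCertVerify(sslCtx_, ctx->getVerifyPeer())` applied to both sides, whereas for a `TLS_SERVER` session the new branch presumably leaves peer checking at its default; `kSSLSessionOptionBreakOnClientAuth` is the counterpart if that case matters. The handshake code that has to treat `errSSLServerAuthCompleted` as "continue" is not in this diff and should be confirmed. The constructor body starts and ends outside the hunk.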