const char *sslGetProtocolVersionString(SSLProtocol prot)
{
static char noProt[20];
-
+
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wdeprecated-declarations"
switch(prot) {
case kSSLProtocolUnknown:
return "kSSLProtocolUnknown";
sprintf(noProt, "Unknown (%d)", (unsigned)prot);
return noProt;
}
+#pragma clang diagnostic pop
}
/*
case errSSLPeerInternalError:
return "errSSLPeerInternalError";
case errSSLPeerUserCancelled:
- return "errSSLPeerUserCancelled";
+ return "errSSLPeerUserCanceled";
case errSSLPeerNoRenegotiation:
return "errSSLPeerNoRenegotiation";
case errSSLHostNameMismatch:
{
static char noState[20];
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wdeprecated-declarations"
switch(state) {
case kSSLClientCertNone:
return "ClientCertNone";
sprintf(noState, "Unknown (%d)", (unsigned)state);
return noState;
}
-
+#pragma clang diagnostic pop
}
/*
CFArrayAppendValue(certificates, cert);
require_noerr(SecTrustCreateWithCertificates(certificates, NULL, &trust),
errOut);
- SecTrustResultType tresult;
- require_noerr(SecTrustEvaluate(trust, &tresult), errOut);
CFIndex certCount, ix;
// We need at least 1 certificate
+ // SecTrustGetCertificateCount implicitly does a trust evaluation to determine
+ // the number of certs in the chain.
require(certCount = SecTrustGetCertificateCount(trust), errOut);
// Build a result where element 0 is the identity and the other elements
}
#endif
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wdeprecated-declarations"
+
OSStatus addTrustedSecCert(
SSLContextRef ctx,
SecCertificateRef secCert,
return ortn;
}
+#pragma clang diagnostic pop
+
OSStatus sslAddTrustedRoot(
SSLContextRef ctx,
const char *anchorFile,
unsigned inDex = 0; // index into ciphers
/* first get all the supported ciphers */
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wdeprecated-declarations"
ortn = SSLGetNumberSupportedCiphers(ctx, &numSupported);
if(ortn) {
printSslErrStr("SSLGetNumberSupportedCiphers", ortn);
if(ortn) {
printSslErrStr("SSLSetEnabledCiphers", ortn);
}
+#pragma clang diagnostic pop
free(enabled);
free(supported);
return ortn;
return unk;
}
}
+
+
+
+
+#include <Security/SecCertificatePriv.h>
+#include <Security/SecKey.h>
+
+SecKeyRef create_private_key_from_der(bool ecdsa, const unsigned char *pkey_der, size_t pkey_der_len)
+{
+ SecKeyRef privKey;
+ CFErrorRef error = NULL;
+ CFDataRef keyData = CFDataCreate(kCFAllocatorDefault, pkey_der, pkey_der_len);
+ CFMutableDictionaryRef parameters = CFDictionaryCreateMutable(kCFAllocatorDefault, 0, NULL, NULL);
+ CFDictionarySetValue(parameters, kSecAttrKeyType, ecdsa?kSecAttrKeyTypeECSECPrimeRandom:kSecAttrKeyTypeRSA);
+ CFDictionarySetValue(parameters, kSecAttrKeyClass, kSecAttrKeyClassPrivate);
+ privKey = SecKeyCreateWithData(keyData, parameters, &error);
+ CFReleaseNull(keyData);
+ CFReleaseNull(parameters);
+ CFReleaseNull(error);
+ return privKey;
+}
+
+CFArrayRef chain_from_der(bool ecdsa, const unsigned char *pkey_der, size_t pkey_der_len, const unsigned char *cert_der, size_t cert_der_len)
+{
+ SecKeyRef pkey = NULL;
+ SecCertificateRef cert = NULL;
+ SecIdentityRef ident = NULL;
+ CFArrayRef items = NULL;
+
+ require(pkey = create_private_key_from_der(ecdsa, pkey_der, pkey_der_len), errOut);
+ require(cert = SecCertificateCreateWithBytes(kCFAllocatorDefault, cert_der, cert_der_len), errOut);
+ require(ident = SecIdentityCreate(kCFAllocatorDefault, cert, pkey), errOut);
+ require(items = CFArrayCreate(kCFAllocatorDefault, (const void **)&ident, 1, &kCFTypeArrayCallBacks), errOut);
+
+errOut:
+ CFReleaseSafe(pkey);
+ CFReleaseSafe(cert);
+ CFReleaseSafe(ident);
+ return items;
+}
+
projects / apple / security.git / blobdiff