TCP/TCPEndpoint.h
changeset 53 e9f209a24d53
parent 8 6f539dd9921c
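--- a/TCP/TCPEndpoint.h	Thu May 29 16:40:36 2008 -0700
+++ b/TCP/TCPEndpoint.h	Tue Jun 23 12:46:40 2009 -0700
@@ -7,6 +7,7 @@
 //
 
 #import <Foundation/Foundation.h>
+#import <Security/SecBase.h>
 #if TARGET_OS_IPHONE
 #include <CFNetwork/CFSocketStream.h>
 #else
@@ -15,10 +16,26 @@
 
 
 // SSL properties:
+
+/** This defines the SSL identity to be used by this endpoint.
+    The value is an NSArray (or CFArray) whose first item must be a SecIdentityRef;
+    optionally, it can also contain SecCertificateRefs for supporting certificates in the
+    validation chain. */
 #define kTCPPropertySSLCertificates  ((NSString*)kCFStreamSSLCertificates)
+
+/** If set to YES, the connection will accept self-signed certificates from the peer,
+    or any certificate chain that terminates in an unrecognized root. */
 #define kTCPPropertySSLAllowsAnyRoot ((NSString*)kCFStreamSSLAllowsAnyRoot)
 
-extern NSString* const kTCPPropertySSLClientSideAuthentication;    // value is TCPAuthenticate enum
+/** This sets the hostname that the peer's certificate must have.
+    (The default value is the hostname, if any, that the connection was opened with.)
+    Setting a value of [NSNull null] completely disables host-name checking. */
+#define kTCPPropertySSLPeerName      ((NSString*)kCFStreamSSLPeerName)
+
+/** Specifies whether the client (the peer that opened the connection) will use a certificate.
+    The value is a TCPAuthenticate enum value wrapped in an NSNumber. */
+extern NSString* const kTCPPropertySSLClientSideAuthentication;
+
 typedef enum {
 	kTCPNeverAuthenticate,			/* skip client authentication */
 	kTCPAlwaysAuthenticate,         /* require it */
@@ -46,6 +63,10 @@
 - (void) setSSLProperty: (id)value 
                  forKey: (NSString*)key;
 
+/** High-level setup for secure P2P connections. Uses the given identity for SSL,
+    requires peers to use SSL, turns off root checking and peer-name checking. */
+- (void) setPeerToPeerIdentity: (SecIdentityRef)identity;
+
 //protected:
 - (void) tellDelegate: (SEL)selector withObject: (id)param;
 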
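Review bot: The doc comment on `setPeerToPeerIdentity:` in the third hunk says root checking and peer-name checking are turned off, but it does not state the consequence: with both disabled, the SSL handshake alone appears to accept any certificate the peer presents, so the channel is encrypted but the peer is not identified. I would extend the comment with something like `The handshake does not establish who the peer is; the caller must check the peer's certificate itself (e.g. against a known key or fingerprint) before trusting the connection.` The same caveat belongs on `kTCPPropertySSLAllowsAnyRoot` and on the `[NSNull null]` case of `kTCPPropertySSLPeerName` in the second hunk, since each of those relaxes validation on its own. The comment also does not say what a NULL `identity` does; the implementation is not visible on this page, so that behaviour should be documented in the header as well.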