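--- a/TCP/TCPEndpoint.h Thu May 29 16:40:36 2008 -0700
+++ b/TCP/TCPEndpoint.h Tue Jun 23 12:46:40 2009 -0700
@@ -7,6 +7,7 @@
 //
 
 #import <Foundation/Foundation.h>
+#import <Security/SecBase.h>
 #if TARGET_OS_IPHONE
 #include <CFNetwork/CFSocketStream.h>
 #else
@@ -15,10 +16,26 @@
 
 
 // SSL properties:
+
+/** This defines the SSL identity to be used by this endpoint.
+ The value is an NSArray (or CFArray) whose first item must be a SecIdentityRef;
+ optionally, it can also contain SecCertificateRefs for supporting certificates in the
+ validation chain. */
 #define kTCPPropertySSLCertificates ((NSString*)kCFStreamSSLCertificates)
+
+/** If set to YES, the connection will accept self-signed certificates from the peer,
+ or any certificate chain that terminates in an unrecognized root. */
 #define kTCPPropertySSLAllowsAnyRoot ((NSString*)kCFStreamSSLAllowsAnyRoot)
 
-extern NSString* const kTCPPropertySSLClientSideAuthentication; // value is TCPAuthenticate enum
+/** This sets the hostname that the peer's certificate must have.
+ (The default value is the hostname, if any, that the connection was opened with.)
+ Setting a value of [NSNull null] completely disables host-name checking. */
+#define kTCPPropertySSLPeerName ((NSString*)kCFStreamSSLPeerName)
+
+/** Specifies whether the client (the peer that opened the connection) will use a certificate.
+ The value is a TCPAuthenticate enum value wrapped in an NSNumber. */
+extern NSString* const kTCPPropertySSLClientSideAuthentication;
+
 typedef enum {
 kTCPNeverAuthenticate, /* skip client authentication */
 kTCPAlwaysAuthenticate, /* require it */
@@ -46,6 +63,10 @@
 - (void) setSSLProperty: (id)value
 forKey: (NSString*)key;
 
+/** High-level setup for secure P2P connections. Uses the given identity for SSL,
+ requires peers to use SSL, turns off root checking and peer-name checking. */
+- (void) setPeerToPeerIdentity: (SecIdentityRef)identity;
+
 //protected:
 - (void) tellDelegate: (SEL)selector withObject: (id)param;
 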
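Review bot: The doc comment added for `setPeerToPeerIdentity:` (and the one for `kTCPPropertySSLAllowsAnyRoot` in the second hunk) describes turning off root and peer-name checking without saying what that leaves the caller responsible for: with both checks off, the TLS handshake alone no longer authenticates the peer, and the exchanged identity is only meaningful if the application compares the peer's certificate against something it already trusts. I would extend the method comment with ` Because neither the root nor the peer name is verified, the caller must authenticate the peer itself, e.g. by checking the peer certificate against a known identity once the connection opens; without that check the connection is encrypted but not authenticated.` and add a matching one-line caveat to the `kTCPPropertySSLAllowsAnyRoot` comment. Whether the implementation already performs such a check cannot be seen from this header; the enclosing @interface starts and ends outside the hunk.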