diff -r 6f539dd9921c -r 6d1392a3e0a6 TCP/TCPEndpoint.h --- a/TCP/TCPEndpoint.h Thu May 29 16:40:36 2008 -0700 +++ b/TCP/TCPEndpoint.h Tue Jun 23 13:52:28 2009 -0700 @@ -7,6 +7,7 @@ // #import +#import #if TARGET_OS_IPHONE #include #else @@ -15,10 +16,26 @@ // SSL properties: + +/** This defines the SSL identity to be used by this endpoint. + The value is an NSArray (or CFArray) whose first item must be a SecIdentityRef; + optionally, it can also contain SecCertificateRefs for supporting certificates in the + validation chain. */ #define kTCPPropertySSLCertificates ((NSString*)kCFStreamSSLCertificates) + +/** If set to YES, the connection will accept self-signed certificates from the peer, + or any certificate chain that terminates in an unrecognized root. */ #define kTCPPropertySSLAllowsAnyRoot ((NSString*)kCFStreamSSLAllowsAnyRoot) -extern NSString* const kTCPPropertySSLClientSideAuthentication; // value is TCPAuthenticate enum +/** This sets the hostname that the peer's certificate must have. + (The default value is the hostname, if any, that the connection was opened with.) + Setting a value of [NSNull null] completely disables host-name checking. */ +#define kTCPPropertySSLPeerName ((NSString*)kCFStreamSSLPeerName) + +/** Specifies whether the client (the peer that opened the connection) will use a certificate. + The value is a TCPAuthenticate enum value wrapped in an NSNumber. */ +extern NSString* const kTCPPropertySSLClientSideAuthentication; + typedef enum { kTCPNeverAuthenticate, /* skip client authentication */ kTCPAlwaysAuthenticate, /* require it */ @@ -46,6 +63,10 @@ - (void) setSSLProperty: (id)value forKey: (NSString*)key; +/** High-level setup for secure P2P connections. Uses the given identity for SSL, + requires peers to use SSL, turns off root checking and peer-name checking. */ +- (void) setPeerToPeerIdentity: (SecIdentityRef)identity; + //protected: - (void) tellDelegate: (SEL)selector withObject: (id)param;