diff --git a/extracted/plugins/SqueakSSL/src/osx/sqMacSSL.c b/extracted/plugins/SqueakSSL/src/osx/sqMacSSL.c index 4b61be6aea..2c28e855e9 100644 --- a/extracted/plugins/SqueakSSL/src/osx/sqMacSSL.c +++ b/extracted/plugins/SqueakSSL/src/osx/sqMacSSL.c @@ -206,6 +206,40 @@ OSStatus sqSetupSSL(sqSSL* ssl, int isServer) } } + if (ssl->certName) { + CFStringRef certName = CFStringCreateWithCString(kCFAllocatorDefault, ssl->certName, kCFStringEncodingASCII); + if (certName == NULL) + return SQSSL_GENERIC_ERROR; + CFMutableDictionaryRef query = CFDictionaryCreateMutable(kCFAllocatorDefault, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); + if (query == NULL) { + CFRelease(certName); + return SQSSL_GENERIC_ERROR; + } + CFDictionarySetValue(query, kSecMatchLimit, kSecMatchLimitOne); + CFDictionarySetValue(query, kSecReturnRef, kCFBooleanTrue); + CFDictionarySetValue(query, kSecClass, kSecClassIdentity); + CFDictionarySetValue(query, kSecMatchSubjectWholeString, certName); + CFDictionarySetValue(query, kSecMatchValidOnDate, kCFNull); + CFRelease(certName); + SecIdentityRef identity; + status = SecItemCopyMatching(query, (CFTypeRef*) &identity); + CFRelease(query); + if (status != noErr) { + logStatus(status, status == errSecItemNotFound ? "SecItemCopyMatching had no results" : "SecItemCopyMatching failed"); + return status; + } + CFArrayRef certs = CFArrayCreate(kCFAllocatorDefault, (const void **)&identity, 1, &kCFTypeArrayCallBacks); + CFRelease(identity); + if (certs == NULL) + return SQSSL_GENERIC_ERROR; + status = SSLSetCertificate(ssl->ctx, certs); + CFRelease(certs); + if (status != noErr) { + logStatus(status, "SSLSetCertificate failed"); + return status; + } + } + return status; } @@ -626,7 +660,7 @@ sqInt sqAcceptSSL(sqInt handle, char* srcBuf, sqInt srcLen, char* dstBuf, } /* We are connected. Verify the cert. */ ssl->state = SQSSL_CONNECTED; - return SQSSL_OK; + return ssl->outLen; } /* sqEncryptSSL: Encrypt data for SSL transmission.