Made ‘sqSetupSSL’ in ‘sqMacSSL.c’ handle the ‘CERTNAME’ property havi…

…ng been set (by searching for a valid identity with the property value as its subject through ‘SecItemCopyMatching’ and setting it as the SSL session context’s certificate through ‘SSLSetCertificate’).
pharo-project · Jun 16, 2024 · 28670bc · 28670bc
1 parent 539aedd
commit 28670bc
Showing 1 changed file with 34 additions and 0 deletions.
diff --git a/extracted/plugins/SqueakSSL/src/osx/sqMacSSL.c b/extracted/plugins/SqueakSSL/src/osx/sqMacSSL.c
@@ -206,6 +206,40 @@ OSStatus sqSetupSSL(sqSSL* ssl, int isServer)
         }
     }
 
+    if (ssl->certName) {
+        CFStringRef certName = CFStringCreateWithCString(kCFAllocatorDefault, ssl->certName, kCFStringEncodingASCII);
+        if (certName == NULL)
+            return SQSSL_GENERIC_ERROR;
+        CFMutableDictionaryRef query = CFDictionaryCreateMutable(kCFAllocatorDefault, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
+        if (query == NULL) {
+            CFRelease(certName);
+            return SQSSL_GENERIC_ERROR;
+        }
+        CFDictionarySetValue(query, kSecMatchLimit, kSecMatchLimitOne);
+        CFDictionarySetValue(query, kSecReturnRef, kCFBooleanTrue);
+        CFDictionarySetValue(query, kSecClass, kSecClassIdentity);
+        CFDictionarySetValue(query, kSecMatchSubjectWholeString, certName);
+        CFDictionarySetValue(query, kSecMatchValidOnDate, kCFNull);
+        CFRelease(certName);
+        SecIdentityRef identity;
+        status = SecItemCopyMatching(query, (CFTypeRef*) &identity);
+        CFRelease(query);
+        if (status != noErr) {
+            logStatus(status, status == errSecItemNotFound ? "SecItemCopyMatching had no results" : "SecItemCopyMatching failed");
+            return status;
+        }
+        CFArrayRef certs = CFArrayCreate(kCFAllocatorDefault, (const void **)&identity, 1, &kCFTypeArrayCallBacks);
+        CFRelease(identity);
+        if (certs == NULL)
+            return SQSSL_GENERIC_ERROR;
+        status = SSLSetCertificate(ssl->ctx, certs);
+        CFRelease(certs);
+        if (status != noErr) {
+            logStatus(status, "SSLSetCertificate failed");
+            return status;
+        }
+    }
+
     return status;
 }