From 8192da790f20638b480a2fd76567142e1dcf7c32 Mon Sep 17 00:00:00 2001
From: Benjamin Sergeant
Date: Mon, 23 Dec 2019 17:15:17 -0800
Subject: [PATCH] wip
---
 ixwebsocket/IXSocketAppleSSL.cpp | 48 ++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 46 insertions(+), 2 deletions(-)
diff --git a/ixwebsocket/IXSocketAppleSSL.cpp b/ixwebsocket/IXSocketAppleSSL.cpp
index e59196c2..d6fe80b7 100644
--- a/ixwebsocket/IXSocketAppleSSL.cpp
+++ b/ixwebsocket/IXSocketAppleSSL.cpp
@@ -146,8 +146,52 @@ namespace ix
 bool SocketAppleSSL::accept(std::string& errMsg)
 {
- errMsg = "TLS not supported yet in server mode with apple ssl backend";
- return false;
+ OSStatus status;
+ {
+ std::lock_guard lock(_mutex);
+
+ _sslContext = SSLCreateContext(kCFAllocatorDefault, kSSLServerSide, kSSLStreamType);
+
+ SSLSetIOFuncs(_sslContext, SocketAppleSSL::readFromSocket, SocketAppleSSL::writeToSocket);
+ SSLSetConnection(_sslContext, (SSLConnectionRef)(long) _sockfd);
+ SSLSetProtocolVersionMin(_sslContext, kTLSProtocol12);
+
+ if (_tlsOptions.isPeerVerifyDisabled())
+ {
+ Boolean option(1);
+ SSLSetSessionOption(_sslContext, kSSLSessionOptionBreakOnServerAuth, option);
+
+ do
+ {
+ status = SSLHandshake(_sslContext);
+ } while (errSSLWouldBlock == status || errSSLServerAuthCompleted == status);
+
+ if (status == errSSLServerAuthCompleted)
+ {
+ // proceed with the handshake
+ do
+ {
+ status = SSLHandshake(_sslContext);
+ } while (errSSLWouldBlock == status || errSSLServerAuthCompleted == status);
+ }
+ }
+ else
+ {
+ do
+ {
+ status = SSLHandshake(_sslContext);
+ } while (errSSLWouldBlock == status || errSSLServerAuthCompleted == status);
+ }
+ }
+
+ if (noErr != status)
+ {
+ errMsg = getSSLErrorDescription(status);
+ close();
+ return false;
+ }
+
+ return true;
 }
 // No wait support
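Review bot: Both branches on `_tlsOptions.isPeerVerifyDisabled()` are client-side logic: `kSSLSessionOptionBreakOnServerAuth` and `errSSLServerAuthCompleted` concern the server's certificate, so on a `kSSLServerSide` context the peer-verify setting appears to change nothing, and with verification enabled no client certificate is ever requested. If peer verification is meant to authenticate clients in server mode, the else branch needs something like `SSLSetClientSideAuthenticate(_sslContext, kAlwaysAuthenticate);` before the handshake, with its `OSStatus` checked. The context also never receives a server identity via `SSLSetCertificate`, and the results of `SSLCreateContext` and the `SSLSet*` calls are ignored, so a failed `SSLSetProtocolVersionMin` would drop the TLS 1.2 floor without any error. Separately, the `do … while (errSSLWouldBlock == status …)` loops spin with `_mutex` held and no timeout, so a client that stalls mid-handshake keeps `accept()` busy indefinitely. Because the loop condition already consumes `errSSLServerAuthCompleted`, the `if (status == errSSLServerAuthCompleted)` block after it is unreachable.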