Add notification for verify failure

Author: rfm

Headers/GNUstepBase/GSTLS.h

@@ -56,6 +56,11 @@ GS_EXPORT NSString * const GSTLSVerify;
 #endif
 #undef	id
 
+/** Notification posted whenever a connection (handled by a [GSTLSSession]
+ * instance) to a TLS server fails certificate or host name verification.
+ */
+GS_EXPORT NSString* const GSTLSVerifyFailedNotification;
+
 /* This class is used to ensure that the GNUTLS system is initialised
  * and thread-safe.  It also provides a mechanism to save certificate
  * and key information in memory by associating a 'filename' with the
@@ -254,12 +259,21 @@ GS_EXPORT_CLASS
  */
 - (BOOL) handshake;
 
+/** Returns the name of the host this session connects to, or nil if it
+ * is not to a named host.
+ */
+- (NSString*) hostName;
+
 /** If the session verified a certificate from the remote end, returns the
  * name of the certificate issuer in the form "C=xxxx,O=yyyy,CN=zzzz" as
  * described in RFC4514.  Otherwise returns nil.
  */
 - (NSString*) issuer;
 
+/** Returns the configured options for this session.
+ */
+- (NSDictionary*) options;
+
 /** If the session verified a certificate from the remote end, returns the
  * name of the certificate owner in the form "C=xxxx,O=yyyy,CN=zzzz" as
  * described in RFC4514.  Otherwise returns nil.

Source/GSTLS.m

@@ -43,6 +43,9 @@
 
 #import "GSPrivate.h"
 
+NSString* const GSTLSVerifyFailedNotification
+  = @"GSTLSVerifyFailedNotification";
+
 @interface	NSString(gnutlsFileSystemRepresentation)
 - (const char*) gnutlsFileSystemRepresentation;
 @end
@@ -1648,6 +1651,15 @@ - (void) finalize
   [super finalize];
 }
 
+- (NSString*) hostName
+{
+  if (outgoing)
+    {
+      return [opts objectForKey: GSTLSServerName];
+    }
+  return nil;
+}
+
 - (id) initWithOptions: (NSDictionary*)options
              direction: (BOOL)isOutgoing
              transport: (void*)ioHandle
@@ -2047,6 +2059,12 @@ - (BOOL) handshake
                 handle, gnutls_strerror(ret));
               NSLog(@"%p failed verify:\n%@", handle, [self sessionInfo]);
             }
+	  if (outgoing)
+	    {
+              [[NSNotificationCenter defaultCenter]
+                postNotificationName: GSTLSVerifyFailedNotification
+                  object: self];
+	    }
           if (requireVerified)
             {
               [self disconnect: NO];
@@ -2068,6 +2086,11 @@ - (NSString*) issuer
   return issuer;
 }
 
+- (NSDictionary*) options
+{
+  return opts;
+}
+
 - (NSString*) owner
 {
   return owner;

Tests/base/NSStream/socket.m

@@ -100,6 +100,7 @@ - (void)stream: (NSStream *)theStream handleEvent: (NSStreamEvent)streamEvent
       {
         NSAssert1(1, @"Error! code is %ld",
           (long int)[[theStream streamError] code]);
+	done = YES;
         break;
       }  
     }