@@ -59,17 +59,6 @@ public enum TSTrustRoots {
5959 case certificates( [ SecCertificate ] )
6060}
6161
62- public enum TSSecIdentity {
63- /// Client authentication disabled
64- case none
65-
66- /// Client authentication with single certificate
67- case identity( SecIdentity )
68-
69- /// Client authentication with certificate chain
70- case chain( ( identity: SecIdentity , chain: [ SecCertificate ] ) )
71- }
72-
7362#if swift(>=5.5) && canImport(_Concurrency)
7463extension TSTrustRoots : @unchecked MQTTSendable { }
7564#endif
@@ -92,8 +81,11 @@ public struct TSTLSConfiguration {
9281 /// trust is used (as if `trustRoots` had been explicitly set to `.default`).
9382 public var trustRoots : TSTrustRoots ?
9483
95- /// The local identity to present in the TLS handshake. Defaults to none.
96- public var clientIdentity : TSSecIdentity
84+ /// The local identity to present in the TLS handshake. Defaults to `nil`.
85+ public var clientIdentity : SecIdentity ?
86+
87+ /// The certificates chain to use for the local identity to present in the TLS handshake. Defaults to `nil`.
88+ public var clientIdentityCertificates : [ SecCertificate ] ?
9789
9890 /// The application protocols to use in the connection. Should be an ordered list of ASCII
9991 /// strings representing the ALPN identifiers of the protocols to negotiate. For clients,
@@ -108,20 +100,23 @@ public struct TSTLSConfiguration {
108100 /// - certificateVerification: Whether to verify remote certificates. Defaults to full verification.
109101 /// - trustRoots: The trust roots to use to validate certificates. This only needs to be provided if you intend to validate certificates.
110102 /// - clientIdentity: The local identity to present in the TLS handshake. Defaults to nil.
103+ /// - clientIdentityCertificates: The certificates chain to use for the local identity to present in the TLS handshake. Defaults to `nil`.
111104 /// - applicationProtocols: The application protocols to use in the connection.
112105 @available ( OSX 10 . 14 , iOS 12 . 0 , tvOS 12 . 0 , watchOS 6 . 0 , * )
113106 public init (
114107 minimumTLSVersion: TSTLSVersion = . tlsv1,
115108 maximumTLSVersion: TSTLSVersion ? = nil ,
116109 certificateVerification: TSCertificateVerification = . fullVerification,
117110 trustRoots: TSTrustRoots ? = nil ,
118- clientIdentity: TSSecIdentity = . none,
111+ clientIdentity: SecIdentity ? = nil ,
112+ clientIdentityCertificates: [ SecCertificate ] ? = nil ,
119113 applicationProtocols: [ String ] = [ ]
120114 ) {
121115 self . minimumTLSVersion = minimumTLSVersion
122116 self . maximumTLSVersion = maximumTLSVersion
123117 self . trustRoots = trustRoots
124118 self . clientIdentity = clientIdentity
119+ self . clientIdentityCertificates = clientIdentityCertificates
125120 self . applicationProtocols = applicationProtocols
126121 self . certificateVerification = certificateVerification
127122 }
@@ -147,19 +142,19 @@ public struct TSTLSConfiguration {
147142 sec_protocol_options_set_tls_max_version ( options. securityProtocolOptions, maximumTLSVersion. sslProtocol)
148143 }
149144 }
150-
151- switch clientIdentity {
152- case . identity ( let clientIdentity) :
145+
146+ switch ( clientIdentity, clientIdentityCertificates ) {
147+ case ( let clientIdentity? , nil ) :
153148 if let secIdentity = sec_identity_create ( clientIdentity) {
154149 sec_protocol_options_set_local_identity ( options. securityProtocolOptions, secIdentity)
155150 }
156151
157- case . chain ( let clientIdentity) :
158- if let secIdentity = sec_identity_create_with_certificates ( clientIdentity. identity , clientIdentity . chain as CFArray ) {
152+ case ( let clientIdentity? , let certificates ? ) :
153+ if let secIdentity = sec_identity_create_with_certificates ( clientIdentity, certificates as CFArray ) {
159154 sec_protocol_options_set_local_identity ( options. securityProtocolOptions, secIdentity)
160155 }
161156
162- case . none :
157+ default :
163158 break
164159 }
165160
0 commit comments