I am writing an application where the communications occur over an SSL socket. Much like ssh'ing to your home server, the intended purpose of the software does not lend itself to relying on the server having a certificate that can be validated up the chain to a valid root certificate. I would like to present the fingerprint of the server's public key to the user when connecting for the first time so they can verify it.

What I have working so far is the setting up of the secured connection. I retrieved the certificate chain presented by the server through [NSStream propertyForKey:(NSString *)kCFStreamPropertySSLPeerCertificates]. From here, I can't figure out how to get the public key or the hash of the public key. I have read and reread and implemented and reimplemented what I would think would work through the security framework. In lieu of my inability to figure this out, how would one get either of these two pieces of information from the certificate?

Secondly, if I somehow manage to get the hash of the public key through kSecAttrPublicKeyHash, is this attribute giving me the calculated hash of the public key, or is it just giving me the hash that can be found in the certificate? I have been told on the openssl-users mailing list that this field does not necessarily match the real hash of the public key, so it can be a security issue if it is relied upon. Please don't flog me if I've misinterpreted that though :).

Also, if I retrieve the hash through kSecAttrPublicKeyHash, what hash algorithm is used?

Thanks all,
Chase Douglas
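Added example, not part of the original post and not Security framework code: this Python example computes a public-key fingerprint directly from a certificate's DER bytes (which SecCertificateCopyData returns for a SecCertificateRef) by locating the SubjectPublicKeyInfo and hashing it, so the value depends only on the key the server actually presented. SHA-256, the function names and the constructed certificate skeleton are assumptions of the example; it makes no claim about what kSecAttrPublicKeyHash returns.

```python
import hashlib

def read_tlv(buf, pos):
    """Parse one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def elements(buf, start, end):
    """List (tag, elem_start, value_start, elem_end) for each element in [start, end)."""
    out = []
    while start < end:
        tag, value_start, stop = read_tlv(buf, start)
        out.append((tag, start, value_start, stop))
        start = stop
    return out

def spki_der(cert):
    """Return the SubjectPublicKeyInfo bytes (header included) of a DER certificate."""
    tag, start, end = read_tlv(cert, 0)            # Certificate ::= SEQUENCE
    tbs = elements(cert, start, end)[0]            # tbsCertificate
    fields = elements(cert, tbs[2], tbs[3])
    if fields and fields[0][0] == 0xA0:            # optional [0] version
        fields = fields[1:]
    # remaining order: serial, signature alg, issuer, validity, subject, SPKI
    if tag != 0x30 or len(fields) < 6 or fields[5][0] != 0x30:
        raise ValueError("subjectPublicKeyInfo not found")
    return cert[fields[5][1]:fields[5][3]]

def key_fingerprint(cert):
    return hashlib.sha256(spki_der(cert)).hexdigest()  # hash choice is an assumption
# --- constructed sample input: correct structure, empty names, no real signature ---
def tlv(tag, value):
    n = len(value)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

def sample_cert(key_bits, serial=b"\x01"):
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010101")) + tlv(0x05, b""))
    spki = tlv(0x30, alg + tlv(0x03, b"\x00" + key_bits))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, serial) + alg
              + tlv(0x30, b"") * 3 + spki)
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00")), spki
```

A certificate reissued with a new serial number but the same key yields the same fingerprint, which is the property a first-connection prompt keyed on the public key relies on.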
Copyright © 2011 Apple Inc. All rights reserved.