Retrieving public key fingerprint (hash) of SSL server certificate on iPhone

I am writing an application where the communications occur over an SSL
socket. Much like ssh'ing to your home server, the intended purpose of
the software does not lend itself to relying on the server having a
certificate that can be validated up the chain to a valid root
certificate. I would like to present the fingerprint of the server's
public key to the user when connecting for the first time so they can
verify it. What I have working so far is the setting up of the secured
connection. I retrieved the certificate chain presented by the server
through [NSStream propertyForKey:(NSString
*)kCFStreamPropertySSLPeerCertificates].

From here, I can't figure out how to get the public key or the hash of
the public key. I have read and reread and implemented and
reimplemented what I would think would work through the security
framework. In lieu of my inability to figure this out, how would one
get either of these two pieces of information from the certificate?

Secondly, if I somehow manage to get the hash of the public key
through kSecAttrPublicKeyHash, is this attribute giving me the
calculated hash of the public key, or is it just giving me the hash
that can be found in the certificate? I have been told on the
openssl-users mailing list that this field does not necessarily match
the real hash of the public key, so it can be a security issue if it
is relied upon. Please don't flog me if I've misinterpreted that
though :). Also, if I retrieve the hash through kSecAttrPublicKeyHash,
what hash algorithm is used?

Thanks all,
Chase Douglas
 _______________________________________________
Apple-cdsa mailing list      (email@hidden)
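
The trust-on-first-use check the post describes, as an added example that is not part of the original message or of any Apple sample code. It hashes the key bytes directly rather than reading any stored hash attribute. Assumptions: ARC is enabled, the SDK is newer than the post (SecCertificateCopyKey needs iOS 12, SecKeyCopyExternalRepresentation needs iOS 10), and the helper names, the PinResult enum and the "pin." defaults key are hypothetical.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>
#import <CommonCrypto/CommonDigest.h>

// SHA-256 of `data`, formatted as colon-separated hex for display to the user.
static NSString *SHA256Fingerprint(NSData *data) {
    unsigned char md[CC_SHA256_DIGEST_LENGTH];
    CC_SHA256(data.bytes, (CC_LONG)data.length, md);
    NSMutableArray<NSString *> *parts = [NSMutableArray array];
    for (size_t i = 0; i < sizeof md; i++) {
        [parts addObject:[NSString stringWithFormat:@"%02X", md[i]]];
    }
    return [parts componentsJoinedByString:@":"];
}

// Fingerprint of the whole DER-encoded certificate.
static NSString *CertificateFingerprint(SecCertificateRef cert) {
    NSData *der = CFBridgingRelease(SecCertificateCopyData(cert));
    return der ? SHA256Fingerprint(der) : nil;
}

// Fingerprint computed from the public key bytes themselves, so it does not
// depend on any hash value carried in the certificate or in a keychain attribute.
static NSString *PublicKeyFingerprint(SecCertificateRef cert) {
    SecKeyRef key = SecCertificateCopyKey(cert);
    if (!key) return nil;
    CFErrorRef err = NULL;
    NSData *raw = CFBridgingRelease(SecKeyCopyExternalRepresentation(key, &err));
    CFRelease(key);
    if (!raw && err) CFRelease(err);
    return raw ? SHA256Fingerprint(raw) : nil;
}

// First connection: show the fingerprint and store it only after the user confirms.
// Later connections: refuse to proceed silently on PinMismatch.
typedef NS_ENUM(NSInteger, PinResult) { PinFirstSeen, PinMatch, PinMismatch };

static PinResult CheckPin(NSString *host, NSString *fingerprint) {
    NSString *k = [@"pin." stringByAppendingString:host]; // hypothetical key name
    NSString *stored = [[NSUserDefaults standardUserDefaults] stringForKey:k];
    if (!stored) return PinFirstSeen;
    return [stored isEqualToString:fingerprint] ? PinMatch : PinMismatch;
}
```

SecKeyCopyExternalRepresentation returns the bare key (PKCS #1 for RSA, X9.63 for EC), not the SubjectPublicKeyInfo structure, so this key fingerprint will not equal a hash computed over the SPKI by other tools; compare it only against values produced the same way.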