Re: Re: Cocoa Network + SSL
Re: Re: Cocoa Network + SSL
- Subject: Re: Re: Cocoa Network + SSL
- From: "Bertrand Landry-Hetu" <email@hidden>
- Date: Sat, 5 Aug 2006 13:07:00 -0400
Unfortunately kCFStreamSSLAllowsExpiredCertificates & al. are 10.4 and
up. I had the same problem a few weeks ago and the only solution I
found was to use the security framework as Nick pointed out. That was
for supporting 10.3, there might be other issues with 10.2.
2006/8/1, Zach Wily <email@hidden>:
You can do it by taking advantage of the fact that NSStream is
toll-free bridged with CFStream. This should work in 10.2+:
NSStream *inputStream;
NSStream *outputStream;
CFStreamCreatePairWithSocketToHost(kCFAllocatorDefault,
(CFStringRef)[someURL host],
[[someURL port] intValue],
(CFReadStreamRef *)&inputStream,
(CFWriteStreamRef *)&outputStream);
// adjust as necessary
NSDictionary *sslSettings = [NSDictionary dictionaryWithObjectsAndKeys:
(NSString *)kCFStreamSocketSecurityLevelNegotiatedSSL,
kCFStreamSSLLevel,
[NSNumber numberWithBool:YES], kCFStreamSSLAllowsExpiredCertificates,
[NSNumber numberWithBool:YES], kCFStreamSSLAllowsExpiredRoots,
[NSNumber numberWithBool:YES], kCFStreamSSLAllowsAnyRoot,
[NSNumber numberWithBool:NO], kCFStreamSSLValidatesCertificateChain,
[NSNull null], kCFStreamSSLPeerName,
nil];
CFReadStreamSetProperty((CFReadStreamRef)inputStream,
kCFStreamPropertySSLSettings, sslSettings);
CFWriteStreamSetProperty((CFWriteStreamRef)outputStream,
kCFStreamPropertySSLSettings, sslSettings);
On 7/30/06, Rachel Blackman <email@hidden> wrote:
> Okay, I've hit a problem. I have an application which needs to be
> able to have a stream (SSL encrypted or non). I originally was using
> the NetSockets class, but ran into trouble trying to integrate SSL
> functionality, particularly because of the differing versions of
> OpenSSL between different versions of OS X.
>
> So I rewrote the entire thing to use NSStream, which seems a bit
> slower than using a CFSocket wrapper, but gave me optional SSL
> functionality. So, that was good. BUT, it would reject self-signed
> certificates. So, I went to add that... and discovered that the bit
> which toggles 'accept self-signed root certificates' is only
> available in Tiger, while this app needs to run under Panther as well.
>
> I'm finding myself at a bit of a loss now. Is there any Objective-C
> socket class out there which will do SSL, allowing for self-signed
> certificates, and work under both Panther and Tiger? Googling has
> turned up nothing, but I cannot believe I'm the only person out there
> who's ever had this problem! I'd prefer not to reinvent the wheel
> and have to rewrite my own wrapper class! Help? :)
>
> --
> Rachel 'Sparks' Blackman -- sysadmin, developer, mad scientist
> "If it is not broken, give me five minutes to redesign it!"
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Cocoa-dev mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
>
>
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Cocoa-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Cocoa-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden