Re: Security with Streams
- Subject: Re: Security with Streams
- From: "Gerriet M. Denkmann" <email@hidden>
- Date: Mon, 27 Jun 2016 09:55:54 +0700
> On 27 Jun 2016, at 06:11, Jens Alfke <email@hidden> wrote:
>
>> On Jun 25, 2016, at 7:44 PM, Gerriet M. Denkmann <email@hidden> wrote:
>
>> Absolutely not sure whether the code above is correct, but it seems to be working.
> It’s fine; the certificate is public and intended to be shared. It’s the private key that’s sensitive. What you’re describing is called “key-pinning”: restricting a client to connect only with a server with a known public key.

That is very reassuring to know. Thanks for the confirmation.

> That was fast! This is frustrating stuff to implement. Or maybe the docs have gotten a lot better recently ;-)

I am great, am I not? (Well, to be honest, I have been struggling with this for weeks, and also borrowed heavily from the Apple sample code TLSTool)

> If every instance of the server has its own key, then embedding a cert in the client app doesn’t work.

This project is for my own personal use. So there is just one server.

> The situation you want to watch out for is where the client connects to a server it’s already connected to, but the cert’s public key doesn’t match the previous one.

In this case the client will close the connection immediately.

Kind regards,
Gerriet.
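
The key-pinning check discussed in this message, as an added example that is not part of the original post or of the poster's code: it is written in Python rather than Cocoa, extracts the SubjectPublicKeyInfo from a DER certificate and compares its SHA-256 digest with the pin. The sample certificates are constructed, unsigned byte strings, and every function name here is illustrative.

```python
import hashlib
import hmac

def der(tag: int, body: bytes) -> bytes:
    # Encode one DER element; used only to build the constructed samples.
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body

def read(buf: bytes, pos: int):
    # Return (tag, content_start, content_end) of the element starting at pos.
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: next k bytes hold the length
        k = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def spki_of(cert: bytes) -> bytes:
    # Slice the SubjectPublicKeyInfo element out of a DER certificate.
    _, pos, _ = read(cert, 0)               # Certificate
    _, pos, _ = read(cert, pos)             # tbsCertificate
    tag, _, end = read(cert, pos)
    if tag == 0xA0:                         # optional [0] version
        pos = end
    for _ in range(5):                      # serial, sigAlg, issuer, validity, subject
        _, _, pos = read(cert, pos)
    return cert[pos:read(cert, pos)[2]]

def key_pin(cert: bytes) -> bytes:
    return hashlib.sha256(spki_of(cert)).digest()

def accept(server_cert: bytes, pinned: bytes) -> bool:
    # True only if the presented certificate carries the pinned public key.
    try:
        return hmac.compare_digest(key_pin(server_cert), pinned)
    except (ValueError, IndexError):
        return False                        # malformed input: refuse the connection

def sample_cert(serial: int, key: bytes) -> bytes:
    # Constructed, unsigned X.509-shaped bytes; not a real certificate.
    alg, name = der(0x30, der(0x06, b"\x2a\x03")), der(0x30, b"")
    spki = der(0x30, alg + der(0x03, b"\x00" + key))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, bytes([serial]))
              + alg + 3 * name + spki)      # issuer, validity, subject left empty
    return der(0x30, tbs + alg + der(0x03, b"\x00"))
```

A pin on the key still matches after the server's certificate is reissued with the same key pair, whereas a byte-for-byte comparison of the whole certificate would not.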
_______________________________________________
Cocoa-dev mailing list (email@hidden)