Re: Question on getting SSL streams using 10.1.5 and 10.2
- Subject: Re: Question on getting SSL streams using 10.1.5 and 10.2
- From: Jeremy Wyld <email@hidden>
- Date: Mon, 19 May 2003 14:13:21 -0700

When using CFHTTPStreams, simply using a URL with a "https" scheme
will cause security to be done automatically. You should only have to
set the security level if you need to set a custom security
level or if you are using CFSocketStream directly.

Setting kCFStreamPropertySocketSecurityLevel requires one of the proper
values, which are:

    kCFStreamSocketSecurityLevelNone
    kCFStreamSocketSecurityLevelSSLv2
    kCFStreamSocketSecurityLevelSSLv3
    kCFStreamSocketSecurityLevelTLSv1
    kCFStreamSocketSecurityLevelNegotiatedSSL

Using CFSocketStreamPairSetSecurityProtocol is similar, but the last
argument is an enum instead:

    CFSocketStreamPairSetSecurityProtocol(readStreamRef, NULL, <security level>);

where <security level> is one of:

    kCFStreamSocketSecurityNone
    kCFStreamSocketSecuritySSLv2
    kCFStreamSocketSecuritySSLv3
    kCFStreamSocketSecuritySSLv23
    kCFStreamSocketSecurityTLSv1

Based upon your snippet here, you should not need to concern yourself
with either of the calls, though.

jeremy

On Friday, May 16, 2003, at 10:08 AM, Jim O'Connor wrote:

I need to be able to verify that this code does, in fact, get a secure
connection for both OS X.1.5 and OS X.2. CFReadStreamSetProperty
consistently returns "false" though there is circumstantial evidence
that it does get a secure connection. I need to get SOME documentation
on the deprecated call CFSocketStreamPairSetSecurityProtocol or sample
code which shows it in use.

Any help would be appreciated. Pointers to relevant documentation (none
shows up when I do a google search or Apple search beyond what is in
the headers for CFSocketStreamPairSetSecurityProtocol) would be very
helpful.

Experience from people who've used these calls would be great.

Thanks,
Jim O'Connor

    static EventLoopTimerUPP networkTimeoutTimerUPP;
    CFHTTPMessageRef messageRef = NULL;
    CFReadStreamRef readStreamRef = NULL;
    OSStatus stat;
    CFArrayRef peerCerts;
    const char *bytes;
    vector<char> buffer;

    // Build the https URL and the POST body.
    ostringstream ostm;
    ostm << "https://" << CHTTPBridge::g_destMachine << ":" <<
        CHTTPBridge::g_destPort << CHTTPBridge::g_destURL;
    std::string url = ostm.str();
    std::ostringstream urlStm;
    urlStm << "XML=" << request;
    std::string test = urlStm.str();

    CFURLRef urlRef = ::CFURLCreateWithBytes( kCFAllocatorDefault,
        (const UInt8*)url.c_str(), strlen(url.c_str()),
        CFStringGetSystemEncoding(), NULL );
    CFDataRef data = ::CFDataCreate( kCFAllocatorDefault,
        (const UInt8*)test.c_str(), strlen( test.c_str() ) );
    if ( urlRef == NULL )
        ASSERTMSG("Couldn't create the URL");

    messageRef = CFHTTPMessageCreateRequest( kCFAllocatorDefault,
        CFSTR("POST"), urlRef, kCFHTTPVersion1_1 );
    // Check the request before using it.
    if ( messageRef == NULL )
        ASSERTMSG("Couldn't create the http request");
    CFHTTPMessageSetBody(messageRef, data);

    // Create the stream for the request.
    readStreamRef = CFReadStreamCreateForHTTPRequest( kCFAllocatorDefault,
        messageRef );
    if ( readStreamRef == NULL )
        ASSERTMSG("Couldn't create the read stream");

    #if MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_2
    if (!::CFReadStreamSetProperty( readStreamRef,
            kCFStreamPropertySocketSecurityLevel, kCFBooleanTrue ))
        ASSERTMSG("kCFStreamPropertySocketSecurityLevel to true failed");
    #else // required to work with Mac OS X.1.5 which doesn't have CFReadStreamSetProperty
    #if USE_10_2_CALLS_IF_AVAILABLE
    // Look up CFReadStreamSetProperty at run time so the binary still loads on 10.1.5.
    typedef Boolean (*CFReadStreamSetPropertyPtr)(CFReadStreamRef stream,
        CFStringRef propertyName, CFTypeRef propertyValue);
    CFReadStreamSetPropertyPtr cfrsspp;
    CFBundleRef CoreServices =
        CFBundleGetBundleWithIdentifier(CFSTR("com.apple.CFNetwork"));
    if (CoreServices &&
        (cfrsspp = (CFReadStreamSetPropertyPtr)(CFBundleGetFunctionPointerForName(
            CoreServices, CFSTR("CFReadStreamSetProperty")))) != NULL)
    {
        if (!cfrsspp( readStreamRef,
                CFSTR("kCFStreamPropertySocketSecurityLevel"), kCFBooleanTrue ))
            ASSERTMSG("kCFStreamPropertySocketSecurityLevel to true failed");
    }
    else
    #endif // USE_10_2_CALLS_IF_AVAILABLE
    {
        if (!::CFSocketStreamPairSetSecurityProtocol( readStreamRef, NULL,
                kCFStreamSocketSecuritySSLv23 ))
            ASSERTMSG("kCFStreamPropertySocketSecurityLevel to kCFStreamSocketSecurityLevelNegotiatedSSL replacement not implemented");
    }
    #endif // joconnor

    // Schedule the stream
    CFReadStreamScheduleWithRunLoop( readStreamRef, CFRunLoopGetCurrent(),
        kCFRunLoopCommonModes );

_______________________________________________
macnetworkprog mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/macnetworkprog
Do not post admin requests to the list. They will be ignored.