Re: Question on getting SSL streams using 10.1.5 and 10.2

  • Subject: Re: Question on getting SSL streams using 10.1.5 and 10.2
  • From: Jeremy Wyld <email@hidden>
  • Date: Mon, 19 May 2003 14:13:21 -0700

When using CFHTTPStreams, simply using a URL with an "https" scheme will cause security to be done automatically. You should only have to set the security level if you need to set a custom security level or if you are using CFSocketStream directly.

Setting kCFStreamPropertySocketSecurityLevel requires one of the proper values, which are:
  kCFStreamSocketSecurityLevelNone
  kCFStreamSocketSecurityLevelSSLv2
  kCFStreamSocketSecurityLevelSSLv3
  kCFStreamSocketSecurityLevelTLSv1
  kCFStreamSocketSecurityLevelNegotiatedSSL

Using CFSocketStreamPairSetSecurityProtocol is similar, but the last argument is an enum instead:
  CFSocketStreamPairSetSecurityProtocol(readStreamRef, NULL, <security level>);
where <security level> is one of:
  kCFStreamSocketSecurityNone
  kCFStreamSocketSecuritySSLv2
  kCFStreamSocketSecuritySSLv3
  kCFStreamSocketSecuritySSLv23
  kCFStreamSocketSecurityTLSv1

Based upon your snippet here, you should not need to concern yourself with either of the calls though.

jeremy


On Friday, May 16, 2003, at 10:08 AM, Jim O'Connor wrote:

I need to be able to verify that this code does, in fact, get a secure
connection for both OS X.1.5 and OS X.2. CFReadStreamSetProperty
consistently returns "false" though there is circumstantial evidence that it
does get a secure connection. I need to get SOME documentation on the
deprecated call CFSocketStreamPairSetSecurityProtocol or sample code which
shows it in use.

Any help would be appreciated. Pointers to relevant documentation (none
shows up when I do a google search or Apple search beyond what is in the
headers for CFSocketStreamPairSetSecurityProtocol) would be very helpful.
Experience from people who've used these calls would be great.


Thanks,
Jim O'Connor

static EventLoopTimerUPP networkTimeoutTimerUPP;
CFHTTPMessageRef messageRef = NULL;
CFReadStreamRef readStreamRef = NULL;
OSStatus stat;
CFArrayRef peerCerts;
const char *bytes;

vector<char> buffer;

// Build the https:// URL from the destination machine, port and path.
ostringstream ostm;
ostm << "https://" << CHTTPBridge::g_destMachine << ":" <<
    CHTTPBridge::g_destPort << CHTTPBridge::g_destURL;
std::string url = ostm.str();

// Build the POST body.
std::ostringstream urlStm;
urlStm << "XML=" << request;

std::string test = urlStm.str();
CFURLRef urlRef = ::CFURLCreateWithBytes( kCFAllocatorDefault,
    (const UInt8*)url.c_str(), strlen(url.c_str()),
    CFStringGetSystemEncoding(), NULL );
CFDataRef data = ::CFDataCreate( kCFAllocatorDefault,
    (const UInt8*)test.c_str(), strlen( test.c_str() ) );

if ( urlRef == NULL )
    ASSERTMSG("Couldn't create the URL");

messageRef = CFHTTPMessageCreateRequest( kCFAllocatorDefault,
    CFSTR("POST"), urlRef, kCFHTTPVersion1_1 );

CFHTTPMessageSetBody(messageRef, data);

if ( messageRef == NULL )
    ASSERTMSG("Couldn't create the http request");

// Create the stream for the request.
readStreamRef = CFReadStreamCreateForHTTPRequest( kCFAllocatorDefault,
    messageRef );
if ( readStreamRef == NULL )
    ASSERTMSG("Couldn't create the read stream");

#if MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_2
if (!::CFReadStreamSetProperty( readStreamRef,
        kCFStreamPropertySocketSecurityLevel, kCFBooleanTrue ))
    ASSERTMSG("kCFStreamPropertySocketSecurityLevel to true failed");
#else // required to work with Mac OS X.1.5 which doesn't have CFReadStreamSetProperty
#if USE_10_2_CALLS_IF_AVAILABLE
typedef Boolean (*CFReadStreamSetPropertyPtr)(CFReadStreamRef stream,
    CFStringRef propertyName, CFTypeRef propertyValue);

CFReadStreamSetPropertyPtr cfrsspp;

// Look the 10.2 call up at run time so the binary still loads on 10.1.5.
CFBundleRef CoreServices =
    CFBundleGetBundleWithIdentifier(CFSTR("com.apple.CFNetwork"));
if (CoreServices &&
    (cfrsspp = (CFReadStreamSetPropertyPtr)(CFBundleGetFunctionPointerForName(
        CoreServices, CFSTR("CFReadStreamSetProperty")))) != NULL)
{
    if (!cfrsspp( readStreamRef,
            CFSTR("kCFStreamPropertySocketSecurityLevel"), kCFBooleanTrue ))
        ASSERTMSG("kCFStreamPropertySocketSecurityLevel to true failed");
}
else
#endif // USE_10_2_CALLS_IF_AVAILABLE
{
    if (!::CFSocketStreamPairSetSecurityProtocol( readStreamRef, NULL,
            kCFStreamSocketSecuritySSLv23 ))
        ASSERTMSG("kCFStreamPropertySocketSecurityLevel to kCFStreamSocketSecurityLevelNegotiatedSSL replacement not implemented");
}
#endif // joconnor
// Schedule the stream
CFReadStreamScheduleWithRunLoop( readStreamRef, CFRunLoopGetCurrent(),
    kCFRunLoopCommonModes );
_______________________________________________
macnetworkprog mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/macnetworkprog
Do not post admin requests to the list. They will be ignored.