Re: Anyone got SSL over NSStreams to work?
- Subject: Re: Anyone got SSL over NSStreams to work?
- From: Daniel Jalkut <email@hidden>
- Date: Mon, 29 Aug 2005 20:19:34 -0400
On Aug 29, 2005, at 1:34 PM, Becky Willrich wrote:

> -9813 looks like a security error; looking at SecureTransport.h,
> -9813 is errSSLNoRootCert. Are you sure the certificate on the
> server you're trying to contact is good? To test, you might set
> your streams to somewhere with a known good certificate, like the
> https port (443) of a banking or e-commerce site (first make sure
> your browser can get there, to make sure the port's really open).

In my somewhat limited experience, it's very common for these kinds
of errors to arise because a site is using a certificate that isn't
"bad," but is in fact "too new." If it's signed by an authority whose
root certificate has not yet been included in the Mac's standard root
certificates, it will get rejected. This often afflicts sites who
are just trying to "go secure" because they buy from companies who
are using their latest root certificates to authenticate.
I can't tell whether PC users get automatically updated certificates
faster, or if the problem is just as rampant on that side of the fence.
It seems like it would be in both Apple's and the big security
companies' best interests to work towards near-instantaneous updates
of trusted certificates when a new root is introduced, and to make it
exceedingly easy for users to update their own trusted certs. I know
Apple made the self-update process easier starting in around 10.3 or
so, but I'm still surprised that VeriSign, etc., all don't make it
really easy for any customer on Mac or PC to easily update to their
latest certs.
Daniel