• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
using kCFStreamPropertySSLSettings for CFStreams on 10.4
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

using kCFStreamPropertySSLSettings for CFStreams on 10.4


  • Subject: using kCFStreamPropertySSLSettings for CFStreams on 10.4
  • From: Greg Robbins <email@hidden>
  • Date: Thu, 21 Jul 2005 18:59:57 -0700

I'm using a CFReadStream for an http POST. It works fine, but will fail with a server that has an expired certificate; my callback gets message kCFStreamEventErrorOccurred with the error -9814, errSSLCertExpired.

Tiger offers some properties to work around this, so I'm trying to set them:

sslDict = CFDictionaryCreateMutable(kCFAllocatorDefault, 0,
     &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
if (sslDict)
{
  CFDictionaryAddValue(sslDict, kCFStreamSSLAllowsExpiredCertificates,
    kCFBooleanTrue);
  CFDictionaryAddValue(sslDict, kCFStreamSSLAllowsExpiredRoots,
    kCFBooleanTrue);

  CFReadStreamSetProperty(m_activeStream, kCFStreamPropertySSLSettings,
    sslDict);
}

However, adding that to my active CFReadStream prior to opening the stream causes all reads to fail, even non-SSL reads, with my callback getting the kCFStreamEventErrorOccurred message and error -9800, errSSLProtocol.

Even if I don't add values to the dictionary and use CFReadStreamSetProperty to set the ssl settings property to be the empty dictionary, I get errSSLProtocol on all attempts to read from the stream, even for non-SSL reads.

Is there something else needed to ignore bad SSL certs with CFStreams, or is there some example code that shows how to use kCFStreamPropertySSLSettings?

Are there other ways under Panther or Tiger to do SSL network operations on servers with bad certificates without dropping down to sockets for the networking?

Greg Robbins
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden


  • Follow-Ups:
    • Re: using kCFStreamPropertySSLSettings for CFStreams on 10.4
      • From: Jeremy Wyld <email@hidden>
  • Prev by Date: Re: How to detect Wifi device?
  • Next by Date: Re: using kCFStreamPropertySSLSettings for CFStreams on 10.4
  • Previous by thread: Re: How to detect Wifi device?
  • Next by thread: Re: using kCFStreamPropertySSLSettings for CFStreams on 10.4
  • Index(es):
    • Date
    • Thread