using kCFStreamPropertySSLSettings for CFStreams on 10.4
using kCFStreamPropertySSLSettings for CFStreams on 10.4
- Subject: using kCFStreamPropertySSLSettings for CFStreams on 10.4
- From: Greg Robbins <email@hidden>
- Date: Thu, 21 Jul 2005 18:59:57 -0700
I'm using a CFReadStream for an http POST. It works fine, but will
fail with a server that has an expired certificate; my callback gets
message kCFStreamEventErrorOccurred with the error -9814,
errSSLCertExpired.
Tiger offers some properties to work around this, so I'm trying to set them:
sslDict = CFDictionaryCreateMutable(kCFAllocatorDefault, 0,
&kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
if (sslDict)
{
CFDictionaryAddValue(sslDict, kCFStreamSSLAllowsExpiredCertificates,
kCFBooleanTrue);
CFDictionaryAddValue(sslDict, kCFStreamSSLAllowsExpiredRoots,
kCFBooleanTrue);
CFReadStreamSetProperty(m_activeStream, kCFStreamPropertySSLSettings,
sslDict);
}
However, adding that to my active CFReadStream prior to opening the
stream causes all reads to fail, even non-SSL reads, with my callback
getting the kCFStreamEventErrorOccurred message and error -9800,
errSSLProtocol.
Even if I don't add values to the dictionary and use
CFReadStreamSetProperty to set the ssl settings property to be the
empty dictionary, I get errSSLProtocol on all attempts to read from
the stream, even for non-SSL reads.
Is there something else needed to ignore bad SSL certs with
CFStreams, or is there some example code that shows how to use
kCFStreamPropertySSLSettings?
Are there other ways under Panther or Tiger to do SSL network
operations on servers with bad certificates without dropping down to
sockets for the networking?
Greg Robbins
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden