How to enable client-side SSL cert checking in CFStream?
- Subject: How to enable client-side SSL cert checking in CFStream?
- From: Jens Alfke <email@hidden>
- Date: Wed, 14 May 2008 15:05:33 -0700
I'm using NSStream for TCP connections. I need to use SSL, with both peers presenting and checking certificates. I've gotten this working to the degree that it opens an SSL connection, and the client can get the server's cert by accessing kCFStreamPropertySSLPeerCertificates ... but on the server side, the client's cert comes back as NULL, and in fact the connection still opens even if I don't set a cert at all on the client side.
I'm not familiar with the underlying <SecureTransport.h> API, but from the header it looks like the call that isn't happening but needs to is SSLSetClientSideAuthenticate. The comment says the default value is kNeverAuthenticate; I need to change this to kAlwaysAuthenticate.
There are no documented properties for this in <CFStream.h>. Nor does there seem to be a way to get the streams' SSLContextRef. Help! What can I do?
—Jens
Macnetworkprog mailing list (email@hidden)