Re: SSL host name checking doesn't understand wildcard subdomains?
Re: SSL host name checking doesn't understand wildcard subdomains?
- Subject: Re: SSL host name checking doesn't understand wildcard subdomains?
- From: "Quinn \"The Eskimo!\"" <email@hidden>
- Date: Mon, 14 May 2012 11:00:15 +0100
On 11 May 2012, at 18:51, Jens Alfke wrote:
> I’m using NSStream to open an HTTP connection to an SSL server, but getting errSSLHostNameMismatch (-9843).
I tried this here in my office and it worked just fine. I tested both socket streams (created with CFStreamCreatePairWithSocketToHost) and an HTTP stream (created with CFReadStreamCreateForHTTPRequest). I was testing on both the iOS 4.3 and iOS 5.1 simulators. My code is below. I put this in a standard iOS test project and ran it. In both cases I saw the connection establish just fine, to the point where I got NSStreamEventHasBytesAvailable / NSStreamEventHasSpaceAvailable messages. If I was going to get a TLS failure, I'd expect to get it before those messages.
Share and Enjoy
--
Quinn "The Eskimo!" <http://www.apple.com/developer/>
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
- (IBAction)testAction:(id)sender
{
#pragma unused(sender)
NSLog(@"-[ViewController testAction:]");
if (YES) {
CFHTTPMessageRef request;
request = CFHTTPMessageCreateRequest(NULL, CFSTR("GET"), (__bridge CFURLRef) [NSURL URLWithString:@"https://snej.iriscouch.com/";], kCFHTTPVersion1_1);
assert(request != NULL);
self.inputStream = CFBridgingRelease( CFReadStreamCreateForHTTPRequest(NULL, request) );
CFRelease(request);
assert(self.inputStream != nil);
} else {
BOOL success;
NSInputStream * inStream;
NSOutputStream * outStream;
[NSStream qNetworkAdditions_getStreamsToHostNamed:@"snej.iriscouch.com" port:443 inputStream:&inStream outputStream:&outStream];
self.inputStream = inStream;
self.outputStream = outStream;
assert(self.inputStream != nil);
assert(self.outputStream != nil);
success = [self.inputStream setProperty:NSStreamSocketSecurityLevelNegotiatedSSL forKey:NSStreamSocketSecurityLevelKey];
assert(success);
}
[self.inputStream setDelegate:self];
[self.inputStream scheduleInRunLoop:[NSRunLoop currentRunLoop] forMode:NSDefaultRunLoopMode];
[self.inputStream open];
if (self.outputStream != nil) {
[self.outputStream setDelegate:self];
[self.outputStream scheduleInRunLoop:[NSRunLoop currentRunLoop] forMode:NSDefaultRunLoopMode];
[self.outputStream open];
}
}
- (void)stream:(NSStream *)stream handleEvent:(NSStreamEvent)event
{
NSString * streamName;
streamName = (stream == self.inputStream) ? @" input" : @"output";
switch (event) {
case NSStreamEventOpenCompleted: {
NSLog(@"%@ open", streamName);
} break;
case NSStreamEventHasBytesAvailable: {
NSLog(@"%@ has bytes", streamName);
} break;
case NSStreamEventHasSpaceAvailable: {
NSLog(@"%@ has space", streamName);
} break;
case NSStreamEventErrorOccurred: {
NSLog(@"%@ erorr %@ / %d", streamName, [[stream streamError] domain], (int) [[stream streamError] code]);
} break;
case NSStreamEventEndEncountered: {
NSLog(@"%@ end", streamName);
} break;
}
}
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden