• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: SSL host name checking doesn't understand wildcard subdomains?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SSL host name checking doesn't understand wildcard subdomains?

  • Subject: Re: SSL host name checking doesn't understand wildcard subdomains?
  • From: Jens Alfke <email@hidden>
  • Date: Mon, 14 May 2012 10:18:18 -0700

On May 14, 2012, at 3:00 AM, Quinn The Eskimo! wrote:

I tried this here in my office and it worked just fine.

Thanks for trying it out, Quinn!

       self.inputStream = CFBridgingRelease( CFReadStreamCreateForHTTPRequest(NULL, request) );

I’m not using this API to open the socket; rather, I use CFStreamCreatePairWithSocketToHost (on iOS) or +[NSStream getStreamsToHost…] (Mac OS). I’m trying to avoid CFNetwork’s HTTP stack entirely because it can’t properly read an unterminated chunk-mode response — it doesn’t call the delegate until the entire response has arrived, which is never. <rdar://11352176>

This made me wonder if the hostname isn't getting communicated properly to SecureTransport in this case. Maybe the HTTP APIs in CFNetwork tell SecureTransport the hostname, but if I use the low-level socket APIs SecureTransport doesn’t know the hostname so fails to match?

[type type type]

Yeah, that was it — apparently SecureTransport doesn’t know the hostname, so I have to set it explicitly in the kCFStreamSSLPeerName property of the kCFStreamPropertySSLSettings. Once I add that, everything works fine.

Should this be considered expected behavior, or a bug?

—Jens
 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
  • Follow-Ups:
    • Re: SSL host name checking doesn't understand wildcard subdomains?
      • From: "Quinn \"The Eskimo!\"" <email@hidden>
References: 
 >SSL host name checking doesn't understand wildcard subdomains? (From: Jens Alfke <email@hidden>)
 >Re: SSL host name checking doesn't understand wildcard subdomains? (From: "Quinn \"The Eskimo!\"" <email@hidden>)

  • Prev by Date: Re: ip level NKE : Parse out data in HTTP POST request
  • Next by Date: Using CFHTTPMessage to parse response header but not body?
  • Previous by thread: Re: SSL host name checking doesn't understand wildcard subdomains?
  • Next by thread: Re: SSL host name checking doesn't understand wildcard subdomains?
  • Index(es):
    • Date
    • Thread