Re: SSL host name checking doesn't understand wildcard subdomains?
- Subject: Re: SSL host name checking doesn't understand wildcard subdomains?
- From: "Quinn \"The Eskimo!\"" <email@hidden>
- Date: Tue, 15 May 2012 10:01:12 +0100
On 14 May 2012, at 18:18, Jens Alfke wrote:
> I’m not using this API to open the socket; rather, I use CFStreamCreatePairWithSocketToHost (on iOS) or +[NSStream getStreamsToHost…] (Mac OS).
I didn't test the NSHost approach because NSHost is just not safe [1]. I did however test the CFStreamCreatePairWithSocketToHost code path, although it's a bit hidden in the snippet I posted. In the NO branch of the if, I call +[NSStream qNetworkAdditions_getStreamsToHostNamed:port:inputStream:outputStream:], the code for which you can find in QA1652 "Using NSStreams For A TCP Connection Without NSHost".
<https://developer.apple.com/library/ios/#qa/qa1652/_index.html>
I'm not sure why you're not seeing the host get passed down to Secure Transport in that case. Regardless, setting kCFStreamSSLPeerName is a perfectly reasonable workaround.
Share and Enjoy
--
Quinn "The Eskimo!" <http://www.apple.com/developer/>
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
[1] Simply constructing an NSHost will trigger a synchronous DNS lookup, thus making it unsuitable to use on the main thread <rdar://problem/3410097>.