Re: SSL host name checking doesn't understand wildcard subdomains?
Re: SSL host name checking doesn't understand wildcard subdomains?
- Subject: Re: SSL host name checking doesn't understand wildcard subdomains?
- From: Jens Alfke <email@hidden>
- Date: Tue, 15 May 2012 10:52:42 -0700
On May 15, 2012, at 2:01 AM, Quinn The Eskimo! wrote:
> I didn't test the NSHost approach because NSHost is just not safe […] Simply constructing an NSHost will trigger a synchronous DNS lookup, thus making it unsuitable to use on the main thread <rdar://problem/3410097>.
Crap, I know NSHost was bad, but I didn’t know it was _that_ bad. :(
Shouldn’t +[NSStream getStreamsToHost…], and NSHost itself, be deprecated, then?
And does this mean that there is no good Cocoa method to open a TCP socket? One has to drop down to CF for this basic functionality? :-p
> I did however test the CFStreamCreatePairWithSocketToHost code path, although it's a bit hidden in the snippet I posted. […] I'm not sure why you're not seeing the host get passed down to Secure Transport in that case.
Sounds like this is a bug in the NSStream method, then; I should just stop using it. I’ve already got the CFStream call in an #ifdef for iOS, so I’ll just change my code to unconditionally use that. Thanks again!
—Jens
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden