Re: SSL host name checking doesn't understand wildcard subdomains?
- Subject: Re: SSL host name checking doesn't understand wildcard subdomains?
- From: "Quinn \"The Eskimo!\"" <email@hidden>
- Date: Wed, 16 May 2012 09:48:47 +0100
On 15 May 2012, at 18:52, Jens Alfke wrote:
> Shouldn’t +[NSStream getStreamsToHost…], and NSHost itself, be deprecated, then?
I'd prefer it if we just fixed NSHost, which is the goal of the bug that I referenced in my previous post. I wouldn't hold my breath though; that bug is coming up to its 10 year anniversary )-:
> And does this mean that there is no good Cocoa method to open a TCP socket? One has to drop down to CF for this basic functionality?
Yes )-:
> Sounds like this is a bug in the NSStream method, then [...]
Yes. NSStream does call CFStreamCreatePairWithSocketToHost but it passes in an IP address rather than the DNS name. This is just extra code that actively breaks things (not just TLS, but the connect-by-name smarts we added to 10.7), and I've filed a bug to get it fixed <rdar://problem/11462816>.
> I’ve already got the CFStream call in an #ifdef for iOS, so I’ll just change my code to unconditionally use that.
Yep, that's what I'd do.
Share and Enjoy
--
Quinn "The Eskimo!" <http://www.apple.com/developer/>
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
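
Added example, not part of the original message and not Apple's code: a sketch of the workaround discussed above, calling CFStreamCreatePairWithSocketToHost with the DNS name so that the name, rather than a resolved IP address, is what the TLS layer checks the certificate against. The helper name OpenTLSStreamsToHostName is hypothetical, and the code assumes ARC.

```objective-c
#import <Foundation/Foundation.h>

// Hypothetical helper (illustration only): create a TLS-enabled stream pair
// to a DNS name through CFStream instead of +[NSStream getStreamsToHost:...].
// Returns NO if either stream could not be created.
static BOOL OpenTLSStreamsToHostName(NSString *hostName, UInt32 port,
                                     NSInputStream **inputStream,
                                     NSOutputStream **outputStream)
{
    CFReadStreamRef readStream = NULL;
    CFWriteStreamRef writeStream = NULL;

    // Pass the DNS name itself. Do not resolve it to an address first:
    // a certificate issued for a DNS name (wildcard or not) cannot be
    // matched against an IP address string.
    CFStreamCreatePairWithSocketToHost(kCFAllocatorDefault,
                                       (__bridge CFStringRef)hostName,
                                       port, &readStream, &writeStream);
    if (readStream == NULL || writeStream == NULL) {
        if (readStream != NULL) CFRelease(readStream);
        if (writeStream != NULL) CFRelease(writeStream);
        return NO;
    }

    // CFReadStream/CFWriteStream are toll-free bridged to NSInputStream/
    // NSOutputStream; CFBridgingRelease hands ownership to ARC.
    NSInputStream *input = CFBridgingRelease(readStream);
    NSOutputStream *output = CFBridgingRelease(writeStream);

    // Ask for TLS on both halves of the pair. Certificate evaluation is
    // left at its default; nothing here turns validation off.
    [input setProperty:NSStreamSocketSecurityLevelNegotiatedSSL
                forKey:NSStreamSocketSecurityLevelKey];
    [output setProperty:NSStreamSocketSecurityLevelNegotiatedSSL
                 forKey:NSStreamSocketSecurityLevelKey];

    *inputStream = input;
    *outputStream = output;
    return YES;
}
```

The caller still has to set delegates, schedule both streams on a run loop, and open them; a host name mismatch then surfaces as a stream error event rather than a silent connection.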
Macnetworkprog mailing list (email@hidden)