Re: SSL websocket server, part two

  • Subject: Re: SSL websocket server, part two
  • From: Mitchell Laurren-Ring <email@hidden>
  • Date: Tue, 11 Nov 2014 17:53:20 -0800

On Nov 11, 2014, at 1:45 AM, Quinn The Eskimo! <email@hidden> wrote:

>
> On 11 Nov 2014, at 01:40, Mitchell Laurren-Ring <email@hidden> wrote:
>
>> It looks to me like the client’s SSL stack is ending the conversation early by setting the FIN flag in step #7. Is that a correct conclusion?
>
> Yes, but the weird part is that, at the time it initiates the disconnect (packet 7), the client hasn't received any actual data from the server.  Normally, if the client is going to drop a connection like this, it does so /after/ receiving some data from the server (like the Server Hello) but in this case the client is dropping the connection before receiving any data.
>
> What does the timing look like here?  Perhaps the client is failing because the server hasn't responded quickly enough?
>


I think you’re on to something here. It takes almost 5 seconds for the server to send “Server Hello” after the “Client Hello” is received. Most of this delay is caused by the call I make to SecTrustEvaluate at the start of the connection. I realize this is not optimal for performance, but assuming that it is a requirement to load the SecIdentityRef at the start of each connection, is SecTrustEvaluate necessary? Here’s roughly how my code looks:

	SecTrustCreateWithCertificates
	SecTrustEvaluate
	SecTrustGetResult
	SecIdentityCreateWithCertificate

SecTrustEvaluate seems to have the side effect of retrieving the CA certificates for my certificate, which is retrieved from another server when a connection is started. It seems like I should just be able to call SecIdentityCreateWithCertificate, but if I skip the first 3 functions, I get errSSLBadConfiguration from SSLHandshake. In Wireshark, I can see that the server is sending an SSL Alert after the Client Hello.

Is there a better way to create an identity from certificate and key data in memory?

/Mick


Macnetworkprog mailing list      (email@hidden)