Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
641 views
in Technique[技术] by (71.8m points)

iphone - NSStream SSL on used socket

I am writing an application that uses NSStream's SSL functions on the iphone. I know that SSL is working because I can directly connect servers using SSL.
I have encountered a problem where protocols that use starttls require me to communicate on the socket with unsecured, send the starttls command and then reuse the same socket for SSL. As far as i know nsstream connections cannot be reused and i can't start SSL on them after i have opened the connection.

I thought about creating my own socket, communicating on it manually and then setting up an NSstream using the existing socket and start SSL that way. However, it appears the communicating on the socket places it in a state where i cant start SSL on it. Any attempt to use the socket for nsstream results in an error.

Any thoughts?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

This is the correct way to do this. while doing this (setting the property after socket connection) is undocumented, this is code directly from my Monal xmpp client and apple has never given me any problems in the app store.

 NSInputStream *iStream;
NSOutputStream *oStream;


CFStreamCreatePairWithSocketToHost(NULL, (CFStringRef)server, port, &iStream, &oStream);


[iStream open];
    [oStream open];

Once the connection has been opened and you get NSStreamEventOpenCompleted and the startTLS command has been sent to the host from the client:

NSDictionary *settings = [ [NSDictionary alloc ] 
                                  initWithObjectsAndKeys:
                                  [NSNumber numberWithBool:YES], @"kCFStreamSSLAllowsExpiredCertificates",
                                  [NSNumber numberWithBool:YES], @"kCFStreamSSLAllowsExpiredRoots",
                                  [NSNumber numberWithBool:YES], @"kCFStreamSSLAllowsAnyRoot",
                                  [NSNumber numberWithBool:NO], @"kCFStreamSSLValidatesCertificateChain",
                                  [NSNull null],@"kCFStreamSSLPeerName",
                                  @"kCFStreamSocketSecurityLevelNegotiatedSSL", 
                                  @"kCFStreamSSLLevel",
                                  nil ];
        CFReadStreamSetProperty((CFReadStreamRef)iStream, 
                                @"kCFStreamPropertySSLSettings", (CFTypeRef)settings);
        CFWriteStreamSetProperty((CFWriteStreamRef)oStream, 
                                 @"kCFStreamPropertySSLSettings", (CFTypeRef)settings);

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...