NSStream SSL on used socket

Problem description

I am writing an application that uses NSStream's SSL functions on the iPhone. I know that SSL is working because I can directly connect to servers using SSL.

I have encountered a problem where protocols that use starttls require me to communicate on the socket unsecured, send the starttls command and then reuse the same socket for SSL. As far as I know, NSStream connections cannot be reused and I can't start SSL on them after I have opened the connection.

I thought about creating my own socket, communicating on it manually and then setting up an NSStream using the existing socket and starting SSL that way. However, it appears that communicating on the socket places it in a state where I can't start SSL on it. Any attempt to use the socket for NSStream results in an error.

Any ideas?

Recommended answer

This is the correct way to do this. While doing this (setting the property after socket connection) is undocumented, this is code directly from my Monal XMPP client, and Apple has never given me any problems in the App Store.

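    NSInputStream *iStream;
    NSOutputStream *oStream;

    // Create a plain (unencrypted) stream pair to the server. The function takes
    // CFReadStreamRef * / CFWriteStreamRef *, hence the toll-free bridging casts.
    CFStreamCreatePairWithSocketToHost(NULL, (CFStringRef)server, port,
                                       (CFReadStreamRef *)&iStream,
                                       (CFWriteStreamRef *)&oStream);

    // Open both streams; TLS is not configured yet.
    [iStream open];
    [oStream open];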

Once the connection has been opened and you get NSStreamEventOpenCompleted and the startTLS command has been sent to the host from the client:

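    // SSL settings applied to the already-open streams (object, key pairs).
    // The first four entries and the null peer name switch off certificate
    // checks: expired certificates, expired roots and any root are accepted,
    // the chain is not validated and the host name is not matched.
    NSDictionary *settings = [[NSDictionary alloc]
        initWithObjectsAndKeys:
        [NSNumber numberWithBool:YES], @"kCFStreamSSLAllowsExpiredCertificates",
        [NSNumber numberWithBool:YES], @"kCFStreamSSLAllowsExpiredRoots",
        [NSNumber numberWithBool:YES], @"kCFStreamSSLAllowsAnyRoot",
        [NSNumber numberWithBool:NO], @"kCFStreamSSLValidatesCertificateChain",
        [NSNull null], @"kCFStreamSSLPeerName",
        @"kCFStreamSocketSecurityLevelNegotiatedSSL", @"kCFStreamSSLLevel",
        nil];

    // Setting the property on both halves of the pair starts SSL on the
    // existing connection.
    CFReadStreamSetProperty((CFReadStreamRef)iStream,
                            (CFStringRef)@"kCFStreamPropertySSLSettings",
                            (CFTypeRef)settings);
    CFWriteStreamSetProperty((CFWriteStreamRef)oStream,
                             (CFStringRef)@"kCFStreamPropertySSLSettings",
                             (CFTypeRef)settings);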
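
The settings in the answer above accept expired certificates and any root and skip chain validation, so the upgraded connection is encrypted but the server is not authenticated. As an added example (not part of the original answer and not Monal's code), here is the same post-STARTTLS upgrade with validation left on. The helper name, the `serverName` parameter and the use of ARC bridging casts are assumptions, and it relies on the same undocumented set-after-open behaviour the answer describes.

```objc
#import <Foundation/Foundation.h>
#import <CFNetwork/CFNetwork.h>

// Hypothetical helper (the name is an assumption for this example).
// Call it once NSStreamEventOpenCompleted has fired and the STARTTLS
// command has been sent, i.e. at the point where the answer applies
// its settings dictionary.
static BOOL UpgradeStreamsToTLS(NSInputStream *iStream,
                                NSOutputStream *oStream,
                                NSString *serverName)
{
    // Refuse to upgrade without a host name to match the certificate against;
    // a null peer name would let any certificate that chains to a trusted
    // root pass, whatever host it was issued for.
    if (iStream == nil || oStream == nil || serverName.length == 0) {
        return NO;
    }

    NSDictionary *settings = @{
        // Validate the certificate chain against the system trust store.
        (__bridge NSString *)kCFStreamSSLValidatesCertificateChain : @YES,
        // Require the certificate to match the server we meant to reach.
        (__bridge NSString *)kCFStreamSSLPeerName : serverName,
        // Negotiate the highest protocol version both sides support.
        (__bridge NSString *)kCFStreamSSLLevel :
            (__bridge NSString *)kCFStreamSocketSecurityLevelNegotiatedSSL,
    };

    // Apply the settings to both halves of the pair, as in the answer.
    Boolean inOK = CFReadStreamSetProperty((__bridge CFReadStreamRef)iStream,
                                           kCFStreamPropertySSLSettings,
                                           (__bridge CFTypeRef)settings);
    Boolean outOK = CFWriteStreamSetProperty((__bridge CFWriteStreamRef)oStream,
                                             kCFStreamPropertySSLSettings,
                                             (__bridge CFTypeRef)settings);

    // NO means a stream rejected the property; the caller should close the
    // connection rather than continue in cleartext.
    return (inOK && outOK) ? YES : NO;
}
```

With these settings a certificate that fails validation ends the handshake and is reported through the streams' error event, so the stream delegate should treat NSStreamEventErrorOccurred after the upgrade as a failed TLS negotiation.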
