iOS和Erlang - 使用自签名证书的SSL握手失败

时间:2015-02-06 09:41:50

标签: ios ssl erlang handshake

我正在尝试通过TCP / IP从iOS创建到Erlang服务器的SSL连接。服务器使用自签名证书(Erlang OTP附带的默认证书)。

每次SSL握手失败: - CFNetwork SSLHandshake失败(-9824 - > -9829) - CFNetwork SSLHandshake失败(-9807)

这是我使用的一种方法:

CFReadStreamRef readStream;
CFWriteStreamRef writeStream;

CFStreamCreatePairWithSocketToHost(NULL, (CFStringRef)@"my-server-name", 1234, &readStream, &writeStream);

//------------------------------------------------------
// Set props.
//
CFReadStreamSetProperty(readStream, kCFStreamPropertySocketSecurityLevel, kCFStreamSocketSecurityLevelNegotiatedSSL);
CFReadStreamSetProperty(readStream, kCFStreamSSLAllowsExpiredCertificates, kCFBooleanTrue);
CFReadStreamSetProperty(readStream, kCFStreamSSLAllowsExpiredRoots, kCFBooleanTrue);
CFReadStreamSetProperty(readStream, kCFStreamSSLAllowsAnyRoot, kCFBooleanTrue);
CFReadStreamSetProperty(readStream, kCFStreamSSLValidatesCertificateChain, kCFBooleanFalse);
CFReadStreamSetProperty(readStream, kCFStreamSSLPeerName, kCFNull);

CFWriteStreamSetProperty(writeStream, kCFStreamPropertySocketSecurityLevel, kCFStreamSocketSecurityLevelNegotiatedSSL);
CFWriteStreamSetProperty(writeStream, kCFStreamSSLAllowsExpiredCertificates, kCFBooleanTrue);
CFWriteStreamSetProperty(writeStream, kCFStreamSSLAllowsExpiredRoots, kCFBooleanTrue);
CFWriteStreamSetProperty(writeStream, kCFStreamSSLAllowsAnyRoot, kCFBooleanTrue);
CFWriteStreamSetProperty(writeStream, kCFStreamSSLValidatesCertificateChain, kCFBooleanFalse);
CFWriteStreamSetProperty(writeStream, kCFStreamSSLPeerName, kCFNull);

//------------------------------------------------------
// Open streams.
//
if(!CFReadStreamOpen(readStream))
{
    NSLog(@"CFReadStreamOpen Failed!");
    return 0;
}

if(!CFWriteStreamOpen(writeStream))
{
    NSLog(@"CFWriteStreamOpen Failed!");
    CFReadStreamClose(readStream);
    return 0;
}

//------------------------------------------------------
// Send some data.
//
UInt8 data[20] = {0};

*(ushort*)data = 18;
for(int i = 2; i < 20; i++)
{
    data[i] = 'A' + i;
}

NSLog(@"Sending some data...");

CFIndex bytesSent = CFWriteStreamWrite(writeStream, data, 20);
NSLog(@"Bytes Sent: %d", (int)bytesSent);

//------------------------------------------------------
// Close streams.
//
CFReadStreamClose(readStream);
CFWriteStreamClose(writeStream);

我还尝试使用SecureTransport(SSLCreateContext,SSLSetConnection,SSLHandshake,它是相同的 - SSL握手失败。

非常感谢任何建议。

2 个答案:

答案 0 :(得分:1)

错误有很多可能的原因。您应该首先使用Mac上的curl命令来访问Erlang服务器。 Curl会为您提供更多描述性错误。您需要传递-k标志,告诉它忽略证书错误。

一些快速的可能性:您的Objective-C代码是否设置为允许无效证书?是否设置为验证域名,并且您的开发设置不执行反向DNS?

答案 1 :(得分:0)

如果问题与AppTransport有关,您可以在MacOS 10.11上运行/usr/bin/nscurl --ats-diagnostics --verbose yourdomain.com找到所需的例外。

相关问题
最新问题