NSStream with SSL - Cocoa Echo Server / Client - CFNetwork SSLHandshake failed (-9800)

Time: 2017-05-13 00:00:40

Tags: ios objective-c cocoa ssl nsstream

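I am trying to configure an iOS device to connect to a macOS device over a WiFi network using Bonjour and NSStreams. I want to secure the connection with SSL. I started from Apple's Cocoa Echo sample code here. It works fine without SSL, but when I try to configure a secure connection, I get CFNetwork SSLHandshake failed (-9800) on both the client and the server side. Here is my configuration.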

macOS (server)

// establish connection
CFReadStreamRef readStream = NULL;
CFWriteStreamRef writeStream = NULL;
CFStreamCreatePairWithSocket(kCFAllocatorDefault, nativeSocketHandle, &readStream, &writeStream);
if (readStream && writeStream) {
    CFReadStreamSetProperty(readStream, kCFStreamPropertyShouldCloseNativeSocket, kCFBooleanTrue);
    CFWriteStreamSetProperty(writeStream, kCFStreamPropertyShouldCloseNativeSocket, kCFBooleanTrue);

    SQConnection * connection = [[SQConnection alloc] initWithInputStream:(__bridge NSInputStream *)readStream outputStream:(__bridge NSOutputStream *)writeStream];
    [self.connections addObject:connection];
    [connection open];
    [(NSNotificationCenter *)[NSNotificationCenter defaultCenter] addObserver:self selector:@selector(SQConnectionDidCloseNotification:) name:SQConnectionDidCloseNotification object:connection];
    NSLog(@"Added connection.");

}

// open streams (in SQConnection.open)
[self.inputStream  setDelegate:self];
[self.outputStream setDelegate:self];

// SSL
[self.inputStream setProperty:NSStreamSocketSecurityLevelNegotiatedSSL forKey:NSStreamSocketSecurityLevelKey];
[self.outputStream setProperty:NSStreamSocketSecurityLevelNegotiatedSSL forKey:NSStreamSocketSecurityLevelKey];

NSDictionary *settings = [[NSDictionary alloc] initWithObjectsAndKeys:
                          @(FALSE), kCFStreamSSLValidatesCertificateChain,
                          kCFNull, kCFStreamSSLPeerName,
                          nil];
CFReadStreamSetProperty((CFReadStreamRef)self.inputStream, kCFStreamPropertySSLSettings, (CFTypeRef)settings);
CFWriteStreamSetProperty((CFWriteStreamRef)self.outputStream, kCFStreamPropertySSLSettings, (CFTypeRef)settings);

[self.inputStream  scheduleInRunLoop:[NSRunLoop currentRunLoop] forMode:NSDefaultRunLoopMode];
[self.outputStream scheduleInRunLoop:[NSRunLoop currentRunLoop] forMode:NSDefaultRunLoopMode];
[self.inputStream  open];
[self.outputStream open];

iOS (client)

NSInputStream * istream;
NSOutputStream * ostream;

if ([netService qNetworkAdditions_getInputStream:&istream outputStream:&ostream]) {
    NSLog(@"OPEN STREAMS");
    self.inputStream = istream;
    self.outputStream = ostream;
    [self.inputStream  setDelegate:self];
    [self.outputStream setDelegate:self];
    [self.inputStream setProperty:NSStreamSocketSecurityLevelNegotiatedSSL forKey:NSStreamSocketSecurityLevelKey];
    [self.outputStream setProperty:NSStreamSocketSecurityLevelNegotiatedSSL forKey:NSStreamSocketSecurityLevelKey];
    [self.inputStream  scheduleInRunLoop:[NSRunLoop currentRunLoop] forMode:NSDefaultRunLoopMode];
    [self.outputStream scheduleInRunLoop:[NSRunLoop currentRunLoop] forMode:NSDefaultRunLoopMode];
    [self.inputStream  open];
    [self.outputStream open];
}

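My best guess is that I have not actually configured a certificate for the SSL negotiation. This is something I hoped macOS would handle automatically, but Apple's documentation is very incomplete in this area. The best I have found is a couple paragraphs here, "Securing and Configuring the Connection."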

0 answers:

No answers
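Added example, not part of the original question or of Apple's sample code: a sketch of the server-side settings the question's guess points at, marking the accepted streams as the TLS server and supplying an identity (certificate plus private key) through kCFStreamSSLCertificates. The helper names and the keychain label are hypothetical, and it assumes an identity with that label already exists in the Mac's keychain and that a label match on kSecClassIdentity finds it.

```objective-c
#import <Foundation/Foundation.h>
#import <CFNetwork/CFNetwork.h>
#import <Security/Security.h>

// Hypothetical helper: fetch the identity (certificate + private key) stored
// under `label` in the keychain. The caller releases the returned reference.
static SecIdentityRef CopyServerIdentity(NSString *label) {
    NSDictionary *query = @{
        (__bridge id)kSecClass:      (__bridge id)kSecClassIdentity,
        (__bridge id)kSecAttrLabel:  label,   // assumed label, e.g. @"Echo Server TLS"
        (__bridge id)kSecReturnRef:  @YES,
        (__bridge id)kSecMatchLimit: (__bridge id)kSecMatchLimitOne,
    };
    CFTypeRef identity = NULL;
    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &identity);
    return (status == errSecSuccess) ? (SecIdentityRef)identity : NULL;
}

// Hypothetical helper: apply server-side TLS settings to the stream pair
// created from the accepted socket. Call it before the streams are opened.
static BOOL ConfigureServerTLS(NSInputStream *input, NSOutputStream *output, NSString *label) {
    SecIdentityRef identity = CopyServerIdentity(label);
    if (identity == NULL) {
        NSLog(@"No TLS identity labelled %@ in the keychain", label);
        return NO;   // fail closed: do not open the streams without a certificate
    }
    NSDictionary *settings = @{
        // Without this key the stream starts the handshake as a TLS client.
        (__bridge id)kCFStreamSSLIsServer:     @YES,
        // The first element must be the SecIdentityRef presented to the peer.
        (__bridge id)kCFStreamSSLCertificates: @[ (__bridge id)identity ],
    };
    BOOL ok = CFReadStreamSetProperty((__bridge CFReadStreamRef)input,
                                      kCFStreamPropertySSLSettings,
                                      (__bridge CFTypeRef)settings)
           && CFWriteStreamSetProperty((__bridge CFWriteStreamRef)output,
                                       kCFStreamPropertySSLSettings,
                                       (__bridge CFTypeRef)settings);
    CFRelease(identity);   // the settings dictionary keeps its own reference
    return ok;
}
```

On the client, a self-signed server certificate is better handled by evaluating the peer trust against that specific certificate than by setting kCFStreamSSLValidatesCertificateChain to false.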