如何在iOS上使用CFSockets时手动验证TLS证书?

时间:2017-09-01 14:55:18

标签: ios sockets ssl

我正在使用CFStreamCreatePairWithSocketToHost创建与服务器的连接。此服务器使用自签名证书,我必须验证它。 我一直试图找到任何方法来检索服务器证书,但我迷路了,找不到任何允许我检索它的方法/类。

我将非常感激地指出如何在这样的代码中获取它:

CFReadStreamRef readStream;
CFWriteStreamRef writeStream;
CFStreamCreatePairWithSocketToHost(kCFAllocatorDefault, (__bridge CFStringRef) address, (UInt32) port, &readStream, &writeStream);

NSInputStream *inputStream = (__bridge_transfer NSInputStream *) readStream;
NSOutputStream *outputStream = (__bridge_transfer NSOutputStream *) writeStream;
[inputStream setDelegate:self];
[outputStream setDelegate:self];
[inputStream scheduleInRunLoop:[NSRunLoop currentRunLoop] forMode:NSDefaultRunLoopMode];
[outputStream scheduleInRunLoop:[NSRunLoop currentRunLoop] forMode:NSDefaultRunLoopMode];

NSDictionary *settings = @{(NSString *) kCFStreamSSLValidatesCertificateChain: @NO};

CFReadStreamSetProperty((__bridge CFReadStreamRef) inputStream, kCFStreamPropertySSLSettings, (__bridge CFTypeRef) settings);

[inputStream open];
[outputStream open];

1 个答案:

答案 0 :(得分:0)

在谷歌搜索的另一场会议中,我终于偶然发现了少数罕见的苹果文档之一,它们清楚地描述了一个过程: https://developer.apple.com/library/content/technotes/tn2232/_index.html#//apple_ref/doc/uid/DTS40012884-CH1-SECCFSOCKETSTREAM

这是Apple提供的示例代码: https://developer.apple.com/library/content/documentation/NetworkingInternet/Conceptual/NetworkingTopics/Articles/OverridingSSLChainValidationCorrectly.html

相关问题
最新问题