Skip to content
Permalink
Browse files

some cleanup and SSL pinning fix

  • Loading branch information...
daltoniam committed Mar 14, 2017
1 parent 1385936 commit dbeb1190b8dcbff4f0b797f9e9d9b9b864d1f0d6
@@ -258,7 +258,6 @@ open class WebSocket : NSObject, StreamDelegate {
Private method that starts the connection.
*/
private func createHTTPRequest() {

let urlRequest = CFHTTPMessageCreateRequest(kCFAllocatorDefault, "GET" as CFString,
url as CFURL, kCFHTTPVersion1_1).takeRetainedValue()

@@ -383,14 +382,29 @@ open class WebSocket : NSObject, StreamDelegate {
guard !sOperation.isCancelled else { return }
out -= 100
if out < 0 {
self?.cleanupStream()
WebSocket.sharedWorkQueue.async {
self?.cleanupStream()
}
self?.doDisconnect(self?.errorWithDetail("write wait timed out", code: 2))
return
} else if outStream.streamError != nil {
return // disconnectStream will be called.
}
}
guard !sOperation.isCancelled else { return }
guard !sOperation.isCancelled, let s = self else { return }
// Do the pinning now if needed
if let sec = s.security, !s.certValidated {
let trust = outStream.property(forKey: kCFStreamPropertySSLPeerTrust as Stream.PropertyKey) as! SecTrust
let domain = outStream.property(forKey: kCFStreamSSLPeerName as Stream.PropertyKey) as? String
s.certValidated = sec.isValid(trust, domain: domain)
if !s.certValidated {
WebSocket.sharedWorkQueue.async {
let error = s.errorWithDetail("Invalid SSL certificate", code: 1)
s.disconnectStream(error)
}
return
}
}
outStream.write(bytes, maxLength: data.count)
}
writeQueue.addOperation(operation)
@@ -400,17 +414,6 @@ open class WebSocket : NSObject, StreamDelegate {
Delegate for the stream methods. Processes incoming bytes
*/
open func stream(_ aStream: Stream, handle eventCode: Stream.Event) {
if let sec = security, !certValidated && [.hasBytesAvailable, .hasSpaceAvailable].contains(eventCode) {
let trust = aStream.property(forKey: kCFStreamPropertySSLPeerTrust as Stream.PropertyKey) as! SecTrust
let domain = aStream.property(forKey: kCFStreamSSLPeerName as Stream.PropertyKey) as? String
if sec.isValid(trust, domain: domain) {
certValidated = true
} else {
let error = errorWithDetail("Invalid SSL certificate", code: 1)
disconnectStream(error)
return
}
}
if eventCode == .hasBytesAvailable {
if aStream == inputStream {
processInputStream()
@@ -945,6 +948,7 @@ open class WebSocket : NSObject, StreamDelegate {
readyToWrite = false
mutex.unlock()
cleanupStream()
writeQueue.cancelAllOperations()
}

}

0 comments on commit dbeb119

Please sign in to comment.
You can’t perform that action at this time.