Fix for self-signed client certificates on iOS 5 (alternate) #314

Open

1.) Restructure handling of ssl options (i.e., kCFStreamPropertySSLSettings) so that disabling SSL certificate verification and adding an SSL client certificate are not mutually exclusive. Also removed several settings which appear unneeded to successfully use a self-signed certificate / a certificate using a self-generated CA based on my testing; further context on the necessity of these options (kCFStreamSSLAllowsExpiredCertificates, kCFStreamSSLAllowsAnyRoot, setting kCFStreamSSLPeerName to kCFNull) would be useful.

2.) Add option to specify an SSL CA Certificate to use instead of the normal root certificates for verifying a server certificate. Note that this isn't handled in an ideal fashion - certificate verification is completely disabled for the initial handshake, then manually checked on the first read event (i.e., when handleNetworkEvent gets a kCFStreamEventHasBytesAvailable event). I was unable to succeed at other methods of adding a root CA certificate (adding it to the keychain, altering the ssl context).

FYI, this is my first time using GitHub/submitting, so feedback is welcome.
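The manual check described in item 2, written as it could run on the first kCFStreamEventHasBytesAvailable event, is sketched below. It is an added example, not code from this pull request: the function name and its parameters are hypothetical, and it uses the synchronous SecTrustEvaluate call that exists on the iOS versions discussed here.

```objective-c
#import <CFNetwork/CFNetwork.h>
#import <Security/Security.h>

// Hypothetical helper, not taken from the pull request. Returns true only if
// the chain the server presented on `stream` validates for `host` against
// `caCert` and nothing else. Every failure path returns false (fail closed).
static bool PeerChainIsSignedByCA(CFReadStreamRef stream,
                                  SecCertificateRef caCert, CFStringRef host)
{
    if (caCert == NULL || host == NULL) return false;
    // The peer trust object is populated once the TLS handshake has finished.
    SecTrustRef peerTrust = (SecTrustRef)CFReadStreamCopyProperty(
        stream, kCFStreamPropertySSLPeerTrust);
    if (peerTrust == NULL) return false;

    // Evaluate once so the chain is readable; this verdict is discarded.
    // The chain is then copied into a fresh trust object whose policy we set.
    SecTrustResultType ignored = kSecTrustResultInvalid;
    SecTrustEvaluate(peerTrust, &ignored);
    CFIndex count = SecTrustGetCertificateCount(peerTrust);
    CFMutableArrayRef chain = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
    for (CFIndex i = 0; i < count; i++) {
        CFArrayAppendValue(chain, SecTrustGetCertificateAtIndex(peerTrust, i));
    }

    // SSL server policy with hostname matching, anchored only at caCert.
    SecPolicyRef policy = SecPolicyCreateSSL(true, host);
    CFArrayRef anchors = CFArrayCreate(NULL, (const void **)&caCert, 1,
                                       &kCFTypeArrayCallBacks);
    SecTrustRef trust = NULL;
    bool trusted = false;
    if (count > 0 && policy != NULL && anchors != NULL &&
        SecTrustCreateWithCertificates(chain, policy, &trust) == errSecSuccess &&
        SecTrustSetAnchorCertificates(trust, anchors) == errSecSuccess &&
        SecTrustSetAnchorCertificatesOnly(trust, true) == errSecSuccess) {
        SecTrustResultType result = kSecTrustResultInvalid;
        if (SecTrustEvaluate(trust, &result) == errSecSuccess) {
            // Unspecified = valid chain with no user override; Proceed = user-trusted.
            trusted = (result == kSecTrustResultUnspecified ||
                       result == kSecTrustResultProceed);
        }
    }
    if (trust) CFRelease(trust);
    if (anchors) CFRelease(anchors);
    if (policy) CFRelease(policy);
    CFRelease(chain);
    CFRelease(peerTrust);
    return trusted;
}
```

Treat a false return as fatal: close both streams and discard any bytes already read instead of handing them to the caller.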

James Chalfant 1.) Restructuring handling of ssl options (i.e., kCFStreamPropertySSLSettings) so that disabling SSL certificate verification and adding an SSL client certificate are not mutually exclusive

2.) Add option to specify an SSL CA Certificate to use instead of the normal root certificates for verifying a server certificate. Note that this isn't handled in an ideal fashion - certificate verification is completely disabled for the initial handshake, then manually checked on the first read event (i.e., when handleNetworkEvent gets a kCFStreamEventHasBytesAvailable event). I was unable to succeed at other methods of adding a root CA certificate (adding it to the keychain, altering the ssl context).
14a587c

sebbu commented on 14a587c Jan 23, 2013

Works great. Thanks
