我想從我的iOS應用程序到我的後端服務器(Node.js)建立一個簡單的套接字連接(NO HTTP)。服務器證書已使用自制的自定義CA創建並簽署。我相信爲了讓iOS信任我的服務器,我必須以某種方式將此自定義CA證書添加到用於確定Java/Android中TrustStore工作方式的信任排序的可信證書列表中。在Swift中的iOS SSL連接
我試圖使用下面的代碼連接,但沒有錯誤,但write()函數似乎不成功。
主視圖控制器:
override func viewDidLoad() {
super.viewDidLoad()
// Do any additional setup after loading the view, typically from a nib.
let api: APIClient = APIClient()
api.initialiseSSL("10.13.37.200", port: 8080)
api.write("Hello")
api.deinitialise()
print("Done")
}
APIClient類
class APIClient: NSObject, NSStreamDelegate {
var readStream: Unmanaged<CFReadStreamRef>?
var writeStream: Unmanaged<CFWriteStreamRef>?
var inputStream: NSInputStream?
var outputStream: NSOutputStream?
func initialiseSSL(host: String, port: UInt32) {
CFStreamCreatePairWithSocketToHost(kCFAllocatorDefault, host, port, &readStream, &writeStream)
inputStream = readStream!.takeRetainedValue()
outputStream = writeStream!.takeRetainedValue()
inputStream?.delegate = self
outputStream?.delegate = self
inputStream!.scheduleInRunLoop(NSRunLoop.currentRunLoop(), forMode: NSDefaultRunLoopMode)
outputStream!.scheduleInRunLoop(NSRunLoop.currentRunLoop(), forMode: NSDefaultRunLoopMode)
let cert: SecCertificateRef? = CreateCertificateFromFile("ca", ext: "der")
if cert != nil {
print("GOT CERTIFICATE")
}
let certs: NSArray = NSArray(objects: cert!)
let sslSettings = [
NSString(format: kCFStreamSSLLevel): kCFStreamSocketSecurityLevelNegotiatedSSL,
NSString(format: kCFStreamSSLValidatesCertificateChain): kCFBooleanFalse,
NSString(format: kCFStreamSSLPeerName): kCFNull,
NSString(format: kCFStreamSSLCertificates): certs,
NSString(format: kCFStreamSSLIsServer): kCFBooleanFalse
]
CFReadStreamSetProperty(inputStream, kCFStreamPropertySSLSettings, sslSettings)
CFWriteStreamSetProperty(outputStream, kCFStreamPropertySSLSettings, sslSettings)
inputStream!.open()
outputStream!.open()
}
func write(text: String) {
let data = [UInt8](text.utf8)
outputStream?.write(data, maxLength: data.count)
}
func CreateCertificateFromFile(filename: String, ext: String) -> SecCertificateRef? {
var cert: SecCertificateRef!
if let path = NSBundle.mainBundle().pathForResource(filename, ofType: ext) {
let data = NSData(contentsOfFile: path)!
cert = SecCertificateCreateWithData(kCFAllocatorDefault, data)!
}
else {
}
return cert
}
func deinitialise() {
inputStream?.close()
outputStream?.close()
}
}
我瞭解SSL/TLS的工作和所有因爲我所做的這一切罰款的Android版本這個應用程序。我只是混淆了SSL的iOS實現。
我來自Java的背景,並已與這個問題一起去了3個星期。任何幫助,將不勝感激。
喜歡在斯威夫特代碼,而不是目標C答案,但如果你只擁有的OBJç那也沒關係:)
謝謝你,這是好東西!我已經想出了大部分套接字功能,但是這幫助我獲得了SSL的工作。 – Sethmr
我希望我在開始排除這件事時看到了這個, – Sethmr
很高興爲您提供幫助。老實說,蘋果公司爲SSL做出的設計決定非常糟糕。你應該可以添加自己的受信任的根CA「BEFORE」信任評估:( – Snapper26