On 5 Mar '08, at 12:24 PM, Eric Scharff wrote:
This doesn't make sense because TLS shouldn't require host name verification anyway, and I'm sure that the server's SSL certificate is valid.
The cert does look valid, and matches the domain name, so that doesn't seem to be the problem.
But host name verification is important — otherwise you don't know you've connected to the right site. Instead of paypal.com, a poisoned DNS server might have given you the IP address of shady-operator.com, which has a valid cert and is running a phishing scam. Without host verification there'd be no way for the user to tell they weren't at the real site.
[fileInStream setProperty: NSStreamSocketSecurityLevelTLSv1 forKey: NSStreamSocketSecurityLevelKey]; // [fileInStream setProperty: NSStreamSocketSecurityLevelNegotiatedSSL forKey: NSStreamSocketSecurityLevelKey];
Are you sure that both of these properties need to be set? Have you tried one without the other?
—Jens
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Cocoa-dev mailing list ([email protected]) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to [EMAIL PROTECTED]
