Could this be a solution: https://github.com/x2on/OpenSSL-for-iPhone ? This project provides a script to make a static build of OpenSSL to be used on iOS 4.3 - iOS 7.1.
Cheers,
Kurt

On 02 May 2014, at 10:16, Jeremy Lainé <[email protected]> wrote:

> On 05/01/2014 03:51 PM, Jeremy Lainé wrote:
>> One problem I am going to run into is that Apple's API doesn't seem to provide error
>> details when a certificate check fails (SecTrustEvaluate), so I don't think we'll get as
>> fine-grained QSslError's as when using OpenSSL. I have however managed to implement the
>> pattern used in the OpenSSL implementation:
>>
>> - start handshake
>> - emit sslErrors if appropriate
>> - allow ignoring the errors using ignoreSslErrors
>> - complete handshake
>
> OK it looks as though I was overly optimistic, I just realised I was relying on some
> functions only available on OS X, not iOS.
>
> From what I can tell, we can't even do subject / alternative subject name validation
> ourselves, as SecCertificateCopyValues is not exposed on OSX. So, it looks as though we
> can either:
>
> - let secure transport do all the checks (name, trust chain, ..) which will result in
>   either success or a failure, with no ability to ignore SSL errors when they occur
>
> - disable checks altogether before starting the handshake => totally insecure
>
> Bottom line: connecting to hosts with valid certificates is OK, connecting to anything
> else (self-signed certs, name mismatches) basically nullifies the security promise as we
> can't check the errors. Is it worth continuing, to at least support the happy path?
>
> Cheers,
> Jeremy
> _______________________________________________
> Development mailing list
> [email protected]
> http://lists.qt-project.org/mailman/listinfo/development
