Actually looking at your commit:
https://github.com/couchbase/couchbase-lite-ios/commit/d222ba163f7a461185c45ca79c708d31fe69e277#diff-c5b060f3b42b252415d0c66db89dd622
I think this maybe the fix we need *{(id)kCFStreamSSLValidatesCertificateChain,
@NO}*:
https://github.com/couchbase/couchbase-lite-ios/blob/500fa800f4e3534d026d44a68d263f8243a86670/Source/ChangeTracker/CBLSocketChangeTracker.m#L101
I think the problem is our CouchDB certificate was purchased from GoDaddy
and was signed with an intermediate certificate. Unfortunately CouchDB
doesn't have a way to deal with an intermediate certificate which breaks
the chain. :-(
On Wednesday, August 6, 2014 6:00:05 PM UTC-7, Jens Alfke wrote:
>
>
> On Aug 6, 2014, at 5:40 PM, David Quon <[email protected]
> <javascript:>> wrote:
>
> Jens I assume this fix made it into CBL 1.0.0?
> https://github.com/couchbase/couchbase-lite-ios/issues/332
>
>
> Yes, and that only applies when talking to Sync Gateway, not CouchDB.
>
> This also looks like it could have been related:
>
> https://developer.apple.com/library/ios/technotes/tn2287/_index.html#//apple_ref/doc/uid/DTS40011309
>
>
> CBLSocketChangeTracker has had a workaround for that problem for a long
> time.
>
> Actually it looks like some of the fixes in CBLSocketChangeTracker.m were
> done recently. Could that be what's causing the errors I'm seeing? Thanks
> for your help as always Jens.
>
>
> I don't think there have been any recent changes that would affect the SSL
> handshake. There is a recent change on the master branch affecting
> certificate verification, but that happens after the handshake is complete.
>
> —Jens
>
--
You received this message because you are subscribed to the Google Groups
"Couchbase Mobile" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/mobile-couchbase/e10dcf76-22b5-4d93-8d59-dc3ca9a47c5f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
