Unfortunately `{(id)kCFStreamSSLValidatesCertificateChain, @NO}` wasn't the
fix we were looking for. Probably need to try to pre-install the
intermediate SSL certificate in the keychain and see if that fixes the
issue.
http://stackoverflow.com/questions/5323686/ios-pre-install-ssl-certificate-in-keychain-programmatically
On Wednesday, August 6, 2014 6:33:53 PM UTC-7, David Quon wrote:
>
> Actually looking at your commit:
>
> https://github.com/couchbase/couchbase-lite-ios/commit/d222ba163f7a461185c45ca79c708d31fe69e277#diff-c5b060f3b42b252415d0c66db89dd622
>
> I think this maybe the fix we need
> *{(id)kCFStreamSSLValidatesCertificateChain,
> @NO}*:
>
> https://github.com/couchbase/couchbase-lite-ios/blob/500fa800f4e3534d026d44a68d263f8243a86670/Source/ChangeTracker/CBLSocketChangeTracker.m#L101
>
> I think the problem is our CouchDB certificate was purchased from GoDaddy
> and was signed with an intermediate certificate. Unfortunately CouchDB
> doesn't have a way to deal with an intermediate certificate which breaks
> the chain. :-(
>
>
> On Wednesday, August 6, 2014 6:00:05 PM UTC-7, Jens Alfke wrote:
>>
>>
>> On Aug 6, 2014, at 5:40 PM, David Quon <[email protected]> wrote:
>>
>> Jens I assume this fix made it into CBL 1.0.0?
>> https://github.com/couchbase/couchbase-lite-ios/issues/332
>>
>>
>> Yes, and that only applies when talking to Sync Gateway, not CouchDB.
>>
>> This also looks like it could have been related:
>>
>> https://developer.apple.com/library/ios/technotes/tn2287/_index.html#//apple_ref/doc/uid/DTS40011309
>>
>>
>> CBLSocketChangeTracker has had a workaround for that problem for a long
>> time.
>>
>> Actually it looks like some of the fixes in CBLSocketChangeTracker.m were
>> done recently. Could that be what's causing the errors I'm seeing? Thanks
>> for your help as always Jens.
>>
>>
>> I don't think there have been any recent changes that would affect the
>> SSL handshake. There is a recent change on the master branch affecting
>> certificate verification, but that happens after the handshake is complete.
>>
>> —Jens
>>
>
--
You received this message because you are subscribed to the Google Groups
"Couchbase Mobile" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/mobile-couchbase/77b50461-959a-40a2-99c5-cd8ed206577e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
