My issue may be related to a self-signed certificate that I set up for my 
listener.

According to CBLHTTPConnection, the method to determine if the listener is 
password protected is this:

- (BOOL)isPasswordProtected:(NSString *)path {
    return !_hasClientCert && self.listener.requiresAuth;
}

When I create my listener, I set this up:

BOOL success = [self.syncListener setAnonymousSSLIdentityWithLabel:@"tf-peer-sync" error:&error];

The header file of CBLListener states:

"this makes it less useful for identification, but it still provides 
encryption of the HTTP traffic." 

I do want encrypted traffic but I also want password authentication, which 
I hope should be secure enough as long as the traffic is going over SSL. 
But it would seem that you can't have password authentication if you also 
have encryption.

Am I understanding that correctly?

Thanks,

Brendan

On Wednesday, December 30, 2015 at 10:50:52 PM UTC-7, Brendan Duddridge 
wrote:
>
> Hi,
>
> I have peer-to-peer syncing working between my Mac and iPhone app.
>
> I've currently set up my app so the user can optionally set up a password 
> that is used to provide authentication info to the CBLListener and 
> CBLReplicator.
>
> So there are two things I'm doing, one setting the username and password 
> dictionary on the listener:
>
> [self.syncListener setPasswords:@{self.documentID: self.syncPasswordFromKeychain}];
>
> according to the docs, this also sets the requiresAuth flag too. And it is 
> set when I check it.
>
> and then generating a URL that has the username and password in it:
>
> - (NSURL *)peerURLWithSSL:(BOOL)ssl {
>     NSURLComponents *components = [[NSURLComponents alloc] init];
>     components.scheme = (ssl ? @"https" : @"http");
>     components.host = self.service.hostName;
>     components.port = @(self.service.port);
>     components.path = [@"/" stringByAppendingString:self.databaseDocument.documentID];
>     if (self.databaseDocument.syncPasswordFromKeychain) {
>         components.user = self.databaseDocument.documentID;
>         components.password = self.databaseDocument.syncPasswordFromKeychain;
>     }
>
>     return components.URL;
> }
>
>
> However I'm not entirely sure how to validate the passwords so I can 
> display an error letting the user know they require a valid password. I 
> implemented the CBLListener delegate passwordForUser: but it never seems to 
> get called. I've set my class as the delegate for the listener.
>
> According to the documentation:
>
> /** Authenticates a request that uses Basic or Digest authentication.
>     If this method is not implemented, the `passwords` dictionary registered with the CBLListener
>     is consulted instead. **/
>
> I thought if I could implement that method then I could decide if I should 
> show an error or not. Otherwise, I do have the passwords dictionary also 
> set as above.
>
> So anyway, if there's some guidance on using basic authentication that 
> would be great. I have read the Wiki page on certificate authentication, 
> but I've been trying to make it work with basic authentication over SSL.
>
> I'm using the latest build from master.
>
> Thanks,
>
> Brendan
>
>
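
Added example (not part of the original thread and not Couchbase Lite code): a small Python model of the check quoted in the message, combined with HTTP Basic validation against a `passwords` dictionary. It assumes `_hasClientCert` is true only when the connecting peer presented a TLS client certificate; the `Listener` class, the helper functions and any credentials passed to them are constructed for illustration.

```python
import base64
import hmac
from dataclasses import dataclass, field

@dataclass
class Listener:
    """Toy stand-in for the listener settings named in the thread."""
    requires_auth: bool = False
    tls_enabled: bool = False  # server identity only; never consulted below
    passwords: dict = field(default_factory=dict)

def is_password_protected(listener, has_client_cert):
    # Same expression as the method quoted in the message.
    return (not has_client_cert) and listener.requires_auth

def basic_header(user, password):
    """Build the Authorization value a client derives from URL credentials."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")

def parse_basic(header):
    """Return (user, password) from an Authorization header, or None."""
    if not header or not header.lower().startswith("basic "):
        return None
    try:
        raw = base64.b64decode(header[6:].strip(), validate=True)
        decoded = raw.decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None  # malformed base64 or non-UTF-8 payload
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None

def handle(listener, has_client_cert, authorization=None):
    """Return the HTTP status this model gives a request (200 or 401)."""
    if not is_password_protected(listener, has_client_cert):
        return 200
    creds = parse_basic(authorization)
    if creds is None:
        return 401
    user, supplied = creds
    expected = listener.passwords.get(user)
    # Constant-time comparison; unknown users compare against an empty value
    # and are rejected regardless of the result.
    same = hmac.compare_digest((expected or "").encode(), supplied.encode())
    return 200 if (expected is not None and same) else 401
```

In this model the outcome for a password-protected listener is the same whether `tls_enabled` is set or not; only a presented client certificate bypasses the password check.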
