[grpc-io] Re: [iOS / Objective-C] Seeking guidance for configuration for SSL

2018-08-06 Thread Rob Cecil
I logged a bug on the Grpc tracker to add more examples in this area.

I'm confused about how to properly configure SSL on iOS.

Here we have code that uses 'useTestCertsPath' with comment:


https://github.com/GoogleCloudPlatform/ios-docs-samples/blob/master/solutions/stickynoteapi/gRPC/Objective-C/stickynotes/StickyNotesViewController.m

- (void) configureNetworking {
    if (!useSSL) {
        _addressWithPort = [kHostAddress stringByAppendingString:@":8080"];
        // This tells the GRPC library to NOT use SSL.
        [GRPCCall useInsecureConnectionsForHost:_addressWithPort];
    } else {
        _addressWithPort = [kHostAddress stringByAppendingString:@":443"];
        // This tells the GRPC library to trust a certificate that it might not be able to validate.
        // Typically this would be used to trust a self-signed certificate.
        [GRPCCall useTestCertsPath:[[NSBundle mainBundle] pathForResource:@"ssl" ofType:@"crt"]
                          testName:@"example.com"
                           forHost:kHostAddress];
    }
    _client = [[StickyNote alloc] initWithHost:_addressWithPort];
}


Can you explain the different scenarios for useTestCertsPath and 
setTLSPEMRootCerts?

Do I need to configure "mutual TLS" ???

On Friday, June 22, 2018 at 1:22:25 PM UTC-4, Rob Cecil wrote:
>
> I am developing both an iOS app and server using Grpc (objective-C/Swift 
> and C# respectively).
>
> The app will be naturally released to the Apple App Store. However, the 
> server is designed to reside within the user's corporate network, deploying 
> our Grpc C#-based product, which will require a self-signed certificate 
> strategy.
>
> That means we will not be bundling server certificates within the app 
> bundle - but need to pick up whatever certificates have been configured 
> (using profiles, EMM, etc.) and coordinating with their own servers.
>
> I am using the generated code approach for Objective-C, and 
> leveraging GRPCProtoService services.
>
> My understanding is that by default, the Objective-C Grpc implementation 
> assumes secure SSL connections and you must use
>
> GRPCCall.useInsecureConnections(forHost:)
>
> to override that behavior.
>
> What I don't understand is how to use, if I even need to use, 
> GRPCCall.setTLSPEMRootCerts, in a situation when the server certificate is 
> not in the app bundle, but already on the device.
>
> Thanks.
>

-- 
You received this message because you are subscribed to the Google Groups 
"grpc.io" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to grpc-io+unsubscr...@googlegroups.com.
To post to this group, send email to grpc-io@googlegroups.com.
Visit this group at https://groups.google.com/group/grpc-io.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/grpc-io/1fb1cbdc-df05-4976-a734-f13b45768f61%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[grpc-io] Re: [iOS / Objective-C] Seeking guidance for configuration for SSL

2018-08-05 Thread Rob Cecil
Muxi, Which override am I using for this method?

Is there an example for Objective-C and SSL ?

