Jools,
Thanks for your help.
I do have another question. I have been searching for examples of setting
up SSL with sockets on iOS and they all have similar code which concerns me
because it seems to reduce the security.
After setting the NSStreamSocketSecurityLevelKey property, they also
configure these settings like this:
NSDictionary *settings = [[NSDictionary alloc] initWithObjectsAndKeys:
[NSNumber numberWithBool:YES],
kCFStreamSSLAllowsExpiredCertificates,
[NSNumber numberWithBool:YES],
kCFStreamSSLAllowsAnyRoot,
[NSNumber numberWithBool:NO],
kCFStreamSSLValidatesCertificateChain,
kCFNull,kCFStreamSSLPeerName,
nil];
CFReadStreamSetProperty((CFReadStreamRef)inputStream,
kCFStreamPropertySSLSettings, (CFTypeRef)settings);
CFWriteStreamSetProperty((CFWriteStreamRef)outputStream,
kCFStreamPropertySSLSettings, (CFTypeRef)settings);
Do you know whether I should be messing with any of these settings or just
leave them at their default value?
Ted
-----Original Message-----
From: Jools [mailto:[email protected]]
Sent: Tuesday, December 31, 2013 1:33 AM
To: [email protected]
Subject: Re: iOS SSL Thrift Connection
Ted,
I'm still using .6, as we've hacked it about so much I've not had time to
merge my changes forward.
I was just curious which version you are using.
Best of luck, if you hit any issues post back here and I'm sure we'll be
able to help.
Cheers,
--Jools
On 30 December 2013 21:52, Ted Rogers <[email protected]> wrote:
> Jools,
>
> Not sure of current version as I can't find the version number in the
> source or headers but I figured I would make sure I was using the
> latest which I believe is 0.9.1.
>
> Is there a reason to do more than setting the stream properties?
>
> Ted
>
> -----Original Message-----
> From: Jools [mailto:[email protected]]
> Sent: Monday, December 30, 2013 3:01 PM
> To: [email protected]
> Subject: Re: iOS SSL Thrift Connection
>
> Hi Ted,
>
> Yes, you can alter the stream properties to introduce SSL handshaking.
>
> Which version of thrift are you using ?
>
> --Jools
>
>
>
>
> On 30 December 2013 19:31, Ted Rogers <[email protected]> wrote:
>
> > Jools,
> >
> > Thanks for the response. I am also using TNSFramedTransport. I
> > inherited this code so I am hanging on by my fingertips. :) After
> > doing some more research I was wondering whether it was enough to
> > just set the security level on the streams before opening them by
> > setting the NSStreamSocketSecurityLevelKey and
> > kCFStreamPropertySSLSettings properties on the streams in TSocketClient.
> > I assume that is not enough?
> > Ted
> >
> >
> >
> >
> >
> >
> >
> > On Mon, Dec 30, 2013 at 2:11 PM, Jools <[email protected]> wrote:
> >
> > > Hi Ted,
> > >
> > > I hit this exact problem a while back, and ended up creating a my
> > > own transport using GCDAsyncSocket, as I also needed SSL support
> > > along with Framed Transport.
> > >
> > > See https://github.com/robbiehanson/CocoaAsyncSocket for more
> > information
> > > on this rather nifty library.
> > >
> > > If you'd like access to the code, let me know and I'd be happy to
> > > post it up.
> > >
> > > Regards,
> > >
> > > --Kools
> > >
> > >
> > > On 30 December 2013 17:07, Ted Rogers <[email protected]> wrote:
> > >
> > > >
> > > > I'm looking to secure an existing Thrift connection using SSL.
> > > > I see libraries for doing this with Java using
> > > > TSSLTransportFactory but I
> > don't
> > > > see any Cocoa source for this.
> > > >
> > > > Any suggestions on how I go about doing this?
> > > >
> > > > Ted
> > >
> >
>
>
