设置 CFStream 属性 失败
setting CFStream property failing
我正在尝试建立与 SNI 的 TLS 连接。问题是第一个 属性 设置调用 returns 1 表明它已被接受。下面两个return0,表示没有通过。可能是什么原因?
有时我必须添加自己的证书才能被信任,但据我所知,这将在打开流后完成,所以这不应该是任何原因。
此外,kCFStreamSocketSecurityLevelNegotiatedSSL 是否支持 tls1.2,因为没有常量可以直接选择它?
var tempInputStream: Unmanaged<CFReadStream>?
var tempOutputStream: Unmanaged<CFWriteStream>?
CFStreamCreatePairWithSocketToHost(nil, address as CFStringRef, port, &tempInputStream, &tempOutputStream)
let cfInputStream: CFReadStream = tempInputStream!.takeRetainedValue()
let cfOutputStream: CFWriteStream = tempOutputStream!.takeRetainedValue()
//setting properties
print(CFReadStreamSetProperty(cfInputStream, kCFStreamPropertySocketSecurityLevel, kCFStreamSocketSecurityLevelNegotiatedSSL))
print(CFReadStreamSetProperty(cfInputStream, kCFStreamSSLValidatesCertificateChain, kCFBooleanFalse))
print(CFReadStreamSetProperty(cfInputStream, kCFStreamSSLPeerName, "peer.address"))
let inputStream: NSInputStream = cfInputStream
let outputStream: NSOutputStream = cfOutputStream
inputStream.delegate = self
inputStream.delegate = self
inputStream.scheduleInRunLoop(NSRunLoop.currentRunLoop(), forMode: NSDefaultRunLoopMode)
outputStream.scheduleInRunLoop(NSRunLoop.currentRunLoop(), forMode: NSDefaultRunLoopMode)
inputStream.open()
outputStream.open()
kCFStreamSSLValidatesCertificateChain 和 kCFStreamSSLPeerName 不是流属性。它们是 SSL 设置属性。您需要将它们全部收集到字典中并将其分配给 kCFStreamPropertySSLSettings:
let ssl = [
String(kCFStreamSSLValidatesCertificateChain): kCFBooleanFalse, // You an probably use "false" here
String(kCFStreamSSLPeerName): "peer.address"
]
print(CFReadStreamSetProperty(cfInputStream, kCFStreamPropertySSLSettings, ssl))
我正在尝试建立与 SNI 的 TLS 连接。问题是第一个 属性 设置调用 returns 1 表明它已被接受。下面两个return0,表示没有通过。可能是什么原因?
有时我必须添加自己的证书才能被信任,但据我所知,这将在打开流后完成,所以这不应该是任何原因。
此外,kCFStreamSocketSecurityLevelNegotiatedSSL 是否支持 tls1.2,因为没有常量可以直接选择它?
var tempInputStream: Unmanaged<CFReadStream>?
var tempOutputStream: Unmanaged<CFWriteStream>?
CFStreamCreatePairWithSocketToHost(nil, address as CFStringRef, port, &tempInputStream, &tempOutputStream)
let cfInputStream: CFReadStream = tempInputStream!.takeRetainedValue()
let cfOutputStream: CFWriteStream = tempOutputStream!.takeRetainedValue()
//setting properties
print(CFReadStreamSetProperty(cfInputStream, kCFStreamPropertySocketSecurityLevel, kCFStreamSocketSecurityLevelNegotiatedSSL))
print(CFReadStreamSetProperty(cfInputStream, kCFStreamSSLValidatesCertificateChain, kCFBooleanFalse))
print(CFReadStreamSetProperty(cfInputStream, kCFStreamSSLPeerName, "peer.address"))
let inputStream: NSInputStream = cfInputStream
let outputStream: NSOutputStream = cfOutputStream
inputStream.delegate = self
inputStream.delegate = self
inputStream.scheduleInRunLoop(NSRunLoop.currentRunLoop(), forMode: NSDefaultRunLoopMode)
outputStream.scheduleInRunLoop(NSRunLoop.currentRunLoop(), forMode: NSDefaultRunLoopMode)
inputStream.open()
outputStream.open()
kCFStreamSSLValidatesCertificateChain 和 kCFStreamSSLPeerName 不是流属性。它们是 SSL 设置属性。您需要将它们全部收集到字典中并将其分配给 kCFStreamPropertySSLSettings:
let ssl = [
String(kCFStreamSSLValidatesCertificateChain): kCFBooleanFalse, // You an probably use "false" here
String(kCFStreamSSLPeerName): "peer.address"
]
print(CFReadStreamSetProperty(cfInputStream, kCFStreamPropertySSLSettings, ssl))