0

我正在尝试与 SNI 建立 TLS 连接。问题是第一个属性设置调用返回 1 表示它已被接受。以下两个返回0,表示没有通过。可能的原因是什么?

在某些时候,我必须添加自己的证书才能被信任,但据我了解,这将在打开流后完成,所以这里不应该是任何原因。

另外,是否kCFStreamSocketSecurityLevelNegotiatedSSL支持 tls1.2,因为没有常量可以直接选择它?

    var tempInputStream: Unmanaged<CFReadStream>?
    var tempOutputStream: Unmanaged<CFWriteStream>?

    CFStreamCreatePairWithSocketToHost(nil, address as CFStringRef, port, &tempInputStream, &tempOutputStream)

    let cfInputStream: CFReadStream = tempInputStream!.takeRetainedValue()
    let cfOutputStream: CFWriteStream = tempOutputStream!.takeRetainedValue()

//setting properties
    print(CFReadStreamSetProperty(cfInputStream, kCFStreamPropertySocketSecurityLevel, kCFStreamSocketSecurityLevelNegotiatedSSL))
    print(CFReadStreamSetProperty(cfInputStream, kCFStreamSSLValidatesCertificateChain, kCFBooleanFalse))
    print(CFReadStreamSetProperty(cfInputStream, kCFStreamSSLPeerName, "peer.address"))


    let inputStream: NSInputStream = cfInputStream
    let outputStream: NSOutputStream = cfOutputStream

    inputStream.delegate = self
    inputStream.delegate = self

    inputStream.scheduleInRunLoop(NSRunLoop.currentRunLoop(), forMode: NSDefaultRunLoopMode)
    outputStream.scheduleInRunLoop(NSRunLoop.currentRunLoop(), forMode: NSDefaultRunLoopMode)

    inputStream.open()
    outputStream.open()
4

1 回答 1

1

kCFStreamSSLValidatesCertificateChain并且kCFStreamSSLPeerName不是流属性。它们是 SSL 设置属性。您需要将它们全部收集到字典中并将其分配给kCFStreamPropertySSLSettings

let ssl = [
    String(kCFStreamSSLValidatesCertificateChain): kCFBooleanFalse, // You an probably use "false" here
    String(kCFStreamSSLPeerName): "peer.address"
]

print(CFReadStreamSetProperty(cfInputStream, kCFStreamPropertySSLSettings, ssl))
于 2015-07-16T13:04:30.567 回答