TCP套接字流和带有Swift的SSL

Posted 2023-01-11

我正在一个需要连接到套接字的简单客户端上工作。此套接字需要SSL ...我正在尝试配置客户端以支持SSL，但出现此错误：

CFNetwork SSLHandshake failed (-9807)

这是我编写的用于配置套接字的代码。您看到任何奇怪/错误的东西吗？另外...服务器正在本地主机上运行，​​目前我正在模拟器上运行ios应用...可能是问题吗？

class MySocket:NSObject 

    var inputStream: InputStream!
    var outputStream: OutputStream!

    func setupStream()

        var readStream: Unmanaged<CFReadStream>?
        var writeStream: Unmanaged<CFWriteStream>?

        CFStreamCreatePairWithSocketToHost(kCFAllocatorDefault,
                                           "127.0.0.1" as CFString,
                                           80,
                                           &readStream,
                                           &writeStream)

        inputStream = readStream!.takeRetainedValue()
        outputStream = writeStream!.takeRetainedValue()

        inputStream.delegate = self

        inputStream.schedule(in: .current, forMode: .common)
        outputStream.schedule(in: .current, forMode: .common)

    // SETTING SSL HERE
        inputStream.setProperty(kCFStreamSocketSecurityLevelNegotiatedSSL, forKey:  Stream.PropertyKey.socketSecurityLevelKey)
        outputStream.setProperty(kCFStreamSocketSecurityLevelNegotiatedSSL, forKey: Stream.PropertyKey.socketSecurityLevelKey)
    // END SSL SETUP

        inputStream.open()
        outputStream.open()

    

答案

我一直在检查库SocketRocket，以检查您的代码。该库是在Objective-C中实现的，但是您可以将其用作参考。

在该库中，在更新安全流选项的代码中，我注意到它仅更新outputStream的kCFStreamSocketSecurityLevelNegotiatedSSL。

- (void)_updateSecureStreamOptions 
    if (_secure) 
        NSMutableDictionary *SSLOptions = [[NSMutableDictionary alloc] init];

        /*ONLY FOR OUTPUT STREAM*/
        [_outputStream setProperty:(__bridge id)kCFStreamSocketSecurityLevelNegotiatedSSL forKey:(__bridge id)kCFStreamPropertySocketSecurityLevel];

        // If we're using pinned certs, don't validate the certificate chain
        if ([_urlRequest SR_SSLPinnedCertificates].count) 
            [SSLOptions setValue:@NO forKey:(__bridge id)kCFStreamSSLValidatesCertificateChain];
        

  #if DEBUG
        self.allowsUntrustedSSLCertificates = YES;
  #endif

        if (self.allowsUntrustedSSLCertificates) 
            [SSLOptions setValue:@NO forKey:(__bridge id)kCFStreamSSLValidatesCertificateChain];
            SRFastLog(@"Allowing connection to any root cert");
        

        [_outputStream setProperty:SSLOptions
                            forKey:(__bridge id)kCFStreamPropertySSLSettings];
    

    _inputStream.delegate = self;
    _outputStream.delegate = self;

    [self setupNetworkServiceType:_urlRequest.networkServiceType];

我希望这会有所帮助。