TCP套接字流和带有Swift的SSL

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了TCP套接字流和带有Swift的SSL相关的知识,希望对你有一定的参考价值。

我正在一个需要连接到套接字的简单客户端上工作。此套接字需要SSL ...我正在尝试配置客户端以支持SSL,但出现此错误:

CFNetwork SSLHandshake failed (-9807)

这是我编写的用于配置套接字的代码。您看到任何奇怪/错误的东西吗?另外...服务器正在本地主机上运行,​​目前我正在模拟器上运行ios应用...可能是问题吗?

class MySocket:NSObject 

    var inputStream: InputStream!
    var outputStream: OutputStream!

    func setupStream()

        var readStream: Unmanaged<CFReadStream>?
        var writeStream: Unmanaged<CFWriteStream>?

        CFStreamCreatePairWithSocketToHost(kCFAllocatorDefault,
                                           "127.0.0.1" as CFString,
                                           80,
                                           &readStream,
                                           &writeStream)

        inputStream = readStream!.takeRetainedValue()
        outputStream = writeStream!.takeRetainedValue()

        inputStream.delegate = self

        inputStream.schedule(in: .current, forMode: .common)
        outputStream.schedule(in: .current, forMode: .common)

    // SETTING SSL HERE
        inputStream.setProperty(kCFStreamSocketSecurityLevelNegotiatedSSL, forKey:  Stream.PropertyKey.socketSecurityLevelKey)
        outputStream.setProperty(kCFStreamSocketSecurityLevelNegotiatedSSL, forKey: Stream.PropertyKey.socketSecurityLevelKey)
    // END SSL SETUP

        inputStream.open()
        outputStream.open()

    

答案

我一直在检查库SocketRocket,以检查您的代码。该库是在Objective-C中实现的,但是您可以将其用作参考。

在该库中,在更新安全流选项的代码中,我注意到它仅更新outputStream的kCFStreamSocketSecurityLevelNegotiatedSSL。

- (void)_updateSecureStreamOptions 
    if (_secure) 
        NSMutableDictionary *SSLOptions = [[NSMutableDictionary alloc] init];

        /*ONLY FOR OUTPUT STREAM*/
        [_outputStream setProperty:(__bridge id)kCFStreamSocketSecurityLevelNegotiatedSSL forKey:(__bridge id)kCFStreamPropertySocketSecurityLevel];

        // If we're using pinned certs, don't validate the certificate chain
        if ([_urlRequest SR_SSLPinnedCertificates].count) 
            [SSLOptions setValue:@NO forKey:(__bridge id)kCFStreamSSLValidatesCertificateChain];
        

  #if DEBUG
        self.allowsUntrustedSSLCertificates = YES;
  #endif

        if (self.allowsUntrustedSSLCertificates) 
            [SSLOptions setValue:@NO forKey:(__bridge id)kCFStreamSSLValidatesCertificateChain];
            SRFastLog(@"Allowing connection to any root cert");
        

        [_outputStream setProperty:SSLOptions
                            forKey:(__bridge id)kCFStreamPropertySSLSettings];
    

    _inputStream.delegate = self;
    _outputStream.delegate = self;

    [self setupNetworkServiceType:_urlRequest.networkServiceType];

我希望这会有所帮助。

以上是关于TCP套接字流和带有Swift的SSL的主要内容,如果未能解决你的问题,请参考以下文章

如何接受boost :: asio :: ssl :: stream 作为boost :: asio :: ip :: tcp :: socket类型的参数

带有 Python SSL 套接字的自签名证书

如何使用 TLS/SSL 确保套接字连接的安全

Linux之SSL安全套接字20160704

C TCP套接字,带有文件发送的回显服务器,发送文件后挂断

ssl和socket有何关系?说明两者的异同点?