I'm trying to set up TLS connection with SNI. Problem is that the first property setting call returns 1 indicating that it was accepted. The following two return 0, which means they didn't go through. What could be the reasoning be?
At some point I have to add my own cert to be trusted, but as far as I understand, that will be done after opening the streams, so it shouldn't be any cause here.
Also, does kCFStreamSocketSecurityLevelNegotiatedSSL
support tls1.2 as there are no constants to choose that directly?
var tempInputStream: Unmanaged<CFReadStream>?
var tempOutputStream: Unmanaged<CFWriteStream>?
CFStreamCreatePairWithSocketToHost(nil, address as CFStringRef, port, &tempInputStream, &tempOutputStream)
let cfInputStream: CFReadStream = tempInputStream!.takeRetainedValue()
let cfOutputStream: CFWriteStream = tempOutputStream!.takeRetainedValue()
//setting properties
print(CFReadStreamSetProperty(cfInputStream, kCFStreamPropertySocketSecurityLevel, kCFStreamSocketSecurityLevelNegotiatedSSL))
print(CFReadStreamSetProperty(cfInputStream, kCFStreamSSLValidatesCertificateChain, kCFBooleanFalse))
print(CFReadStreamSetProperty(cfInputStream, kCFStreamSSLPeerName, "peer.address"))
let inputStream: NSInputStream = cfInputStream
let outputStream: NSOutputStream = cfOutputStream
inputStream.delegate = self
inputStream.delegate = self
inputStream.scheduleInRunLoop(NSRunLoop.currentRunLoop(), forMode: NSDefaultRunLoopMode)
outputStream.scheduleInRunLoop(NSRunLoop.currentRunLoop(), forMode: NSDefaultRunLoopMode)
inputStream.open()
outputStream.open()
kCFStreamSSLValidatesCertificateChain
and kCFStreamSSLPeerName
are not stream properties. They are SSL Settings properties. You need to collect them all together into a dictionary and assign it to kCFStreamPropertySSLSettings
:
let ssl = [
String(kCFStreamSSLValidatesCertificateChain): kCFBooleanFalse, // You an probably use "false" here
String(kCFStreamSSLPeerName): "peer.address"
]
print(CFReadStreamSetProperty(cfInputStream, kCFStreamPropertySSLSettings, ssl))