1. 首页
  2. 问答
  3. iOS和Erlang - SSL握手失败,自签名证书

iOS和Erlang - SSL握手失败,自签名证书

2015-02-06 84 views
4

我想创建一个通过TCP/IP从iOS到一个Erlang服务器的SSL连接。服务器使用自签名证书(Erlang OTP附带的默认证书)。iOS和Erlang - SSL握手失败,自签名证书

每次,SSL握手失败: - CFNetwork的SSLHandshake失败(-9824 - > -9829) - CFNetwork的SSLHandshake失败(-9807)

这是一个方法,我用:

CFReadStreamRef readStream; 
CFWriteStreamRef writeStream; 

CFStreamCreatePairWithSocketToHost(NULL, (CFStringRef)@"my-server-name", 1234, &readStream, &writeStream); 

//------------------------------------------------------ 
// Set props. 
// 
CFReadStreamSetProperty(readStream, kCFStreamPropertySocketSecurityLevel, kCFStreamSocketSecurityLevelNegotiatedSSL); 
CFReadStreamSetProperty(readStream, kCFStreamSSLAllowsExpiredCertificates, kCFBooleanTrue); 
CFReadStreamSetProperty(readStream, kCFStreamSSLAllowsExpiredRoots, kCFBooleanTrue); 
CFReadStreamSetProperty(readStream, kCFStreamSSLAllowsAnyRoot, kCFBooleanTrue); 
CFReadStreamSetProperty(readStream, kCFStreamSSLValidatesCertificateChain, kCFBooleanFalse); 
CFReadStreamSetProperty(readStream, kCFStreamSSLPeerName, kCFNull); 

CFWriteStreamSetProperty(writeStream, kCFStreamPropertySocketSecurityLevel, kCFStreamSocketSecurityLevelNegotiatedSSL); 
CFWriteStreamSetProperty(writeStream, kCFStreamSSLAllowsExpiredCertificates, kCFBooleanTrue); 
CFWriteStreamSetProperty(writeStream, kCFStreamSSLAllowsExpiredRoots, kCFBooleanTrue); 
CFWriteStreamSetProperty(writeStream, kCFStreamSSLAllowsAnyRoot, kCFBooleanTrue); 
CFWriteStreamSetProperty(writeStream, kCFStreamSSLValidatesCertificateChain, kCFBooleanFalse); 
CFWriteStreamSetProperty(writeStream, kCFStreamSSLPeerName, kCFNull); 

//------------------------------------------------------ 
// Open streams. 
// 
if(!CFReadStreamOpen(readStream)) 
{ 
    NSLog(@"CFReadStreamOpen Failed!"); 
    return 0; 
} 

if(!CFWriteStreamOpen(writeStream)) 
{ 
    NSLog(@"CFWriteStreamOpen Failed!"); 
    CFReadStreamClose(readStream); 
    return 0; 
} 

//------------------------------------------------------ 
// Send some data. 
// 
UInt8 data[20] = {0}; 

*(ushort*)data = 18; 
for(int i = 2; i < 20; i++) 
{ 
    data[i] = 'A' + i; 
} 

NSLog(@"Sending some data..."); 

CFIndex bytesSent = CFWriteStreamWrite(writeStream, data, 20); 
NSLog(@"Bytes Sent: %d", (int)bytesSent); 

//------------------------------------------------------ 
// Close streams. 
// 
CFReadStreamClose(readStream); 
CFWriteStreamClose(writeStream);

我也试图与SecureTransport(SSLCreateContext,SSLSetConnection,SSLHandshake它是相同的 - 。SSL握手失败

任何建议非常赞赏

来源

2015-02-06 Codrin

回答

1

错误有很多可能的原因。您可能应该先在Mac上使用curl命令来访问Erlang服务器。卷曲会给你更多的描述性错误。您需要通过-k标志来告诉它忽略证书错误。

一些快速的可能性:您的Objective-C代码是否设置为允许无效的证书?它是否设置为验证域名,并且您的开发设置不会执行反向DNS?

来源

2015-02-07 03:16:08

0

如果问题与AppTransport相关,您可以通过在MacOS 10.11上运行/usr/bin/nscurl --ats-diagnostics --verbose yourdomain.com来找到需要哪个例外。

来源

2015-10-04 10:41:21

相关问题

 相关问题