Databases
StackOverflow2013
Postsdbo
PO
 

Note that there are some explanatory texts on larger screens.

plurals
  1. PO
    primarykey
    data
    text
    <p>I do not have the direct answer to your question, but perhaps few guidelines:</p> <ol> <li><p>Why do you need to use the CFStream API and not the more intuitive <strong><em>NSURLConnection</em></strong> ?<br> From what I could find in the documentation, it seams like not everything that is available for Mac OS X, regarding CFStream API, is available for iOS. So think about it, and see if you can switch to NSURLConnection :-)</p></li> <li><p>For NSURLConnection, you can use the <strong><em>NSURLConnectionDelegate</em></strong> methods to get the SSL challenge and validate the certificate on your own. You can check the <strong><em>wsdl2objc</em></strong> project, where I have implemented these features: </p> <ul> <li>The project: <a href="http://code.google.com/p/wsdl2objc/" rel="nofollow">http://code.google.com/p/wsdl2objc/</a></li> <li>Some guidelines on how to get the certificate references: <a href="http://code.google.com/p/wsdl2objc/wiki/AdvancedOptions" rel="nofollow">http://code.google.com/p/wsdl2objc/wiki/AdvancedOptions</a></li> </ul></li> <li><p>Now about your questions :-)<br> I don't see how you can set a custom (untrusted) CA in <strong><em>kCFStreamPropertySSLSettings</em></strong>. I'm not sure if it can be done by using <strong><em>kCFStreamSSLCertificates</em></strong> since it is meant to be used for setting client-side certificates (thus the requirement of having the <strong><em>SecIdentityRef</em></strong> on index 0, which basically provides the private key).</p></li> <li><p>When you say you don't want to add the certificate to the keychain, do you mean manually or programmatically ? I guess you don't like the users of your app to have to do it manually, but you can use the <strong><em>Security API</em></strong> to import the certificate programatically. In this case your certificate will be imported in a sandboxed keychain which is only available for your application. (again, not sure if this will work but worths the try)</p></li> </ol> <p>In my applications I use NSURLConnectionDelegate to manually validate untrusted certificates.</p> <p>Regards,<br> Pece</p>
    singulars
    1. This table or related slice is empty.
    1. POAccept untrusted SSL server certificate with CFStream socket on iOS
      singulars
      1. PTQuestion
    1. PTAnswer
    1. This table or related slice is empty.
    1. USpmilosev
    plurals
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. VO
      singulars
      1. PO
      1. This table or related slice is empty.
      1. VTUpMod
    2. VO
      singulars
      1. PO
      1. This table or related slice is empty.
      1. VTUpMod
    3. VO
      singulars
      1. PO
      1. This table or related slice is empty.
      1. VTBountyClose
    1. COHi, I experimented also with NSURLConnection implementing the authentication challenge methods of its delegate and in fact I could achieve everything what I wanted as described in the question. The problem is as far as I understand that NSURLRequest supports only http, https, file and ftp protocol (as of this: https://developer.apple.com/library/mac/#documentation/Cocoa/Conceptual/URLLoadingSystem/Concepts/URLOverview.html) but I need to interact with other type of system (SIP/TLS). Do you know whether NSURLConnection can be used also for low-level socket communication?
      singulars
      1. PO
      1. USMrTJ
    2. COWhat about adding the untrusted CA to my own application's keychain sandbox: yes, I tried this also meanwhile since I asked the question, but I repeatedly received a errSSLXCertChainInvalid (-9807@kCFStreamErrorDomainSSL) error while connecting. Do you have some idea about the possible cause?
      singulars
      1. PO
      1. USMrTJ
    3. COAhh, now I see :-). No, NSURLConnection will not work with SIP. But if I were you, I would definitely try to find some library for this. A quick search revealed this C lib: http://www.pjsip.org/, which is said to support SIP/TLS. Additionally you might want to take a look at the opensource projects proposed here: http://stackoverflow.com/questions/1493050/open-source-voip-sip-objective-c-code.
      singulars
      1. PO
      1. USpmilosev
 

Querying!

 
Guidance
A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload