我正在尝试与SNI建立TLS连接。问题是第一个属性设置调用返回1,表示它被接受。接下来的两个返回0,这意味着它们没有通过。理由是什么呢?
在某些时候,我必须添加我自己的证书来被信任,但据我所知,这将在打开流之后完成,所以这里不应该有任何原因。
另外,kCFStreamSocketSecurityLevelNegotiatedSSL是否支持tls1.2,因为没有可以直接选择的常量?
var tempInputStream: Unmanaged<CFReadStream>?
var tempOutputStream: Unmanaged<CFWriteStream>?
CFStreamCreatePairWithSocketToHost(nil, address as CFStringRef, port, &tempInputStream, &tempOutputStream)
let cfInputStream: CFReadStream = tempInputStream!.takeRetainedValue()
let cfOutputStream: CFWriteStream = tempOutputStream!.takeRetainedValue()
//setting properties
print(CFReadStreamSetProperty(cfInputStream, kCFStreamPropertySocketSecurityLevel, kCFStreamSocketSecurityLevelNegotiatedSSL))
print(CFReadStreamSetProperty(cfInputStream, kCFStreamSSLValidatesCertificateChain, kCFBooleanFalse))
print(CFReadStreamSetProperty(cfInputStream, kCFStreamSSLPeerName, "peer.address"))
let inputStream: NSInputStream = cfInputStream
let outputStream: NSOutputStream = cfOutputStream
inputStream.delegate = self
inputStream.delegate = self
inputStream.scheduleInRunLoop(NSRunLoop.currentRunLoop(), forMode: NSDefaultRunLoopMode)
outputStream.scheduleInRunLoop(NSRunLoop.currentRunLoop(), forMode: NSDefaultRunLoopMode)
inputStream.open()
outputStream.open()
kCFStreamSSLValidatesCertificateChain和kCFStreamSSLPeerName不是流属性。它们是SSL设置属性。您需要将它们全部收集到一个字典中,并将其分配给kCFStreamPropertySSLSettings:
let ssl = [
String(kCFStreamSSLValidatesCertificateChain): kCFBooleanFalse, // You an probably use "false" here
String(kCFStreamSSLPeerName): "peer.address"
]
print(CFReadStreamSetProperty(cfInputStream, kCFStreamPropertySSLSettings, ssl))