iOS和Erlang - 自签名证书SSL握手失败

Question

iOS和Erlang - 自签名证书SSL握手失败

4

我正在尝试从iOS设备通过TCP/IP与Erlang服务器建立SSL连接。该服务器正在使用自签名证书（随Erlang OTP一起提供的默认证书）

每次SSL握手都会失败： - CFNetwork SSLHandshake 失败 (-9824 -> -9829) - CFNetwork SSLHandshake 失败 (-9807)

这是我使用的一种方法：

CFReadStreamRef readStream;
CFWriteStreamRef writeStream;

CFStreamCreatePairWithSocketToHost(NULL, (CFStringRef)@"my-server-name", 1234, &readStream, &writeStream);

//------------------------------------------------------
// Set props.
//
CFReadStreamSetProperty(readStream, kCFStreamPropertySocketSecurityLevel, kCFStreamSocketSecurityLevelNegotiatedSSL);
CFReadStreamSetProperty(readStream, kCFStreamSSLAllowsExpiredCertificates, kCFBooleanTrue);
CFReadStreamSetProperty(readStream, kCFStreamSSLAllowsExpiredRoots, kCFBooleanTrue);
CFReadStreamSetProperty(readStream, kCFStreamSSLAllowsAnyRoot, kCFBooleanTrue);
CFReadStreamSetProperty(readStream, kCFStreamSSLValidatesCertificateChain, kCFBooleanFalse);
CFReadStreamSetProperty(readStream, kCFStreamSSLPeerName, kCFNull);

CFWriteStreamSetProperty(writeStream, kCFStreamPropertySocketSecurityLevel, kCFStreamSocketSecurityLevelNegotiatedSSL);
CFWriteStreamSetProperty(writeStream, kCFStreamSSLAllowsExpiredCertificates, kCFBooleanTrue);
CFWriteStreamSetProperty(writeStream, kCFStreamSSLAllowsExpiredRoots, kCFBooleanTrue);
CFWriteStreamSetProperty(writeStream, kCFStreamSSLAllowsAnyRoot, kCFBooleanTrue);
CFWriteStreamSetProperty(writeStream, kCFStreamSSLValidatesCertificateChain, kCFBooleanFalse);
CFWriteStreamSetProperty(writeStream, kCFStreamSSLPeerName, kCFNull);

//------------------------------------------------------
// Open streams.
//
if(!CFReadStreamOpen(readStream))
{
    NSLog(@"CFReadStreamOpen Failed!");
    return 0;
}

if(!CFWriteStreamOpen(writeStream))
{
    NSLog(@"CFWriteStreamOpen Failed!");
    CFReadStreamClose(readStream);
    return 0;
}

//------------------------------------------------------
// Send some data.
//
UInt8 data[20] = {0};

*(ushort*)data = 18;
for(int i = 2; i < 20; i++)
{
    data[i] = 'A' + i;
}

NSLog(@"Sending some data...");

CFIndex bytesSent = CFWriteStreamWrite(writeStream, data, 20);
NSLog(@"Bytes Sent: %d", (int)bytesSent);

//------------------------------------------------------
// Close streams.
//
CFReadStreamClose(readStream);
CFWriteStreamClose(writeStream);

我也尝试使用SecureTransport（SSLCreateContext，SSLSetConnection，SSLHandshake），但是结果相同 - SSL握手失败。

非常感谢任何建议。

- Codrin

2个回答

0

如果问题与AppTransport有关，您可以在MacOS 10.11上运行/usr/bin/nscurl --ats-diagnostics --verbose yourdomain.com来查找所需的异常。

- Yoav

网页内容由stack overflow 提供, 点击上面的

可以查看英文原文，
原文链接

- Nathaniel Waisbrot · Accepted Answer

有很多可能的错误原因。你应该从在Mac上使用curl命令访问Erlang服务器开始。Curl将给出更详细的错误信息。你需要传递-k标志告诉它忽略证书错误。

一些快速的可能性：你的Objective-C代码是否设置为允许无效证书？它是否设置为验证域名，而你的开发环境不进行反向DNS？