Post not yet marked as solved
On macOS there's https://developer.apple.com/documentation/quartzcore/carenderer?language=objc, but I'm not aware of an iOS equivalent...
Using the old CFStream/CFSocket network framework I've just now successfully written a server that can detect and switch between tls/non-tls. The solution was surprisingly trivial: in the socket accept callback, firstly use recv(... MSG_PEEK) to grab the first 6 bytes of the message and check for an SSL/TLS header, and then after use CFStreamCreatePairWithSocket(), setting kCFStreamPropertySSLSettings if appropriate.
Unfortunately, I can't see how to implement a similar approach using the new network framework.
Firstly, it appears that the socket nw_listener_t is configured to use TLS (or not), rather than the individual connections made on it.
Secondly, I've not seen an equivalent way of message peeking, or even getting the raw socket.
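The peek-then-decide step described in the post above, as an added example that is not part of the original post. It uses plain POSIX sockets; the function names are hypothetical, the sample bytes are constructed, and the exact header test (handshake record followed by a ClientHello) is an assumption about what "check for an SSL/TLS header" means for 6 bytes.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

enum peek_result { PEEK_ERROR = -1, PEEK_PLAINTEXT = 0, PEEK_TLS = 1, PEEK_SHORT = 2 };

/* Classify 6 bytes: the 5-byte TLS record header plus the handshake type after it. */
static enum peek_result classify_first_bytes(const unsigned char *b, size_t n)
{
    if (n < 6) return PEEK_SHORT;               /* not enough data to decide yet */
    size_t rec_len = ((size_t)b[3] << 8) | b[4];
    if (b[0] == 0x16 &&                         /* content type: handshake */
        b[1] == 0x03 && b[2] <= 0x04 &&         /* record version SSL 3.0 .. TLS 1.3 */
        rec_len >= 4 && rec_len <= 16384 &&     /* plaintext record size limit */
        b[5] == 0x01)                           /* handshake type: ClientHello */
        return PEEK_TLS;
    return PEEK_PLAINTEXT;
}

/* Look at an accepted socket without consuming anything from its receive queue. */
static enum peek_result peek_socket(int fd)
{
    unsigned char buf[6];
    ssize_t n = recv(fd, buf, sizeof buf, MSG_PEEK);
    return n < 0 ? PEEK_ERROR : classify_first_bytes(buf, (size_t)n);
}

/* Constructed demo: send msg over a socketpair, peek, then confirm a normal
 * read still returns the same bytes. PEEK_ERROR means setup failed or data was lost. */
static enum peek_result demo_peek(const unsigned char *msg, size_t len)
{
    int sv[2];
    unsigned char back[64];
    if (len > sizeof back || socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return PEEK_ERROR;
    enum peek_result r = PEEK_ERROR;
    if (write(sv[0], msg, len) == (ssize_t)len) {
        r = peek_socket(sv[1]);
        if (read(sv[1], back, sizeof back) != (ssize_t)len || memcmp(back, msg, len) != 0)
            r = PEEK_ERROR;                     /* peek must leave the stream untouched */
    }
    close(sv[0]); close(sv[1]);
    return r;
}

int main(void)
{
    static const unsigned char hello[] = {0x16, 0x03, 0x01, 0x02, 0x00, 0x01, 0x00, 0x01, 0xfc}; /* constructed */
    printf("tls=%d http=%d\n", demo_peek(hello, sizeof hello), demo_peek((const unsigned char *)"GET / HTTP/1.1\r\n", 16));
    return 0;
}
```

PEEK_SHORT means fewer than 6 bytes have arrived, so a real server should wait for more data under a timeout rather than guess; a client that never sends first would otherwise hold the connection open indefinitely.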
Correct. I can imagine a solution where I have a TCP server, and when it detects that it's receiving TLS then it starts relaying messages back/forth to a different socket which is a TLS enabled server. So my question becomes, can the new nw_ framework offer a more elegant/efficient solution?
Follow up - I'd just like to say, that was ridiculously easy! I took the "nwcat" example code, monkey patched in my certificate loading code and enabled ALPN via replacing the configure_tls code in the create_and_start_listener() function with:
SecIdentityRef identity = ... load the certificate...;
sec_protocol_options_set_local_identity(sec_options, sec_identity_create(identity));
sec_protocol_options_add_tls_application_protocol(sec_options, "h2");
Connected via Safari, and can clearly see that it's sending a http2 connection preface. Thank you.
Thank you, and for the tip where to find the related ALPN API. I'd avoided the new network framework since the docs on the Apple website for this framework are extremely sparse, but I'm just now looking at the actual header files and these do have useful documentation in them. Suggest someone updates the online docs ;-)
What was the reply? I think I'm hitting the same issue.