User Profile

Post not yet marked as solved

Click to stop watching this thread.

You have stopped watching this post. Click to start watching again.

1 Replies

contentPostList.repliesup-voted.tooltip

Replied In Draw WKWebView into OpenGL Texture

On macOS there's https://developer.apple.com/documentation/quartzcore/carenderer?language=objc, but I'm not aware of an iOS equivalent...

Post not yet marked as solved

Click to stop watching this thread.

You have stopped watching this post. Click to start watching again.

6 Replies

contentPostList.repliesup-voted.tooltip

Replied In sec_protocol_options... detect/bypass?

50515104

Post not yet marked as solved

Click to stop watching this thread.

You have stopped watching this post. Click to start watching again.

6 Replies

contentPostList.repliesup-voted.tooltip

Replied In sec_protocol_options... detect/bypass?

Using the old CFStream/CFSocket network framework I've just now successfully written a server that can detect and switch between tls/non-tls. The solution was surprisingly trivial: in the socket accept callback, firstly use recv(... MSG_PEEK) to grab the first 6 bytes of the message and check for a SSL/TLS header, and then after use CFStreamCreatePairWithSocket(), setting kCFStreamPropertySSLSettings if appropriate.Unfortunately, I can't see how to implement a similar approach using the new network framework.Firstly, it appears that the socket nw_listener_t is configured to use TLS (or not), rather than the individual connections made on it.Secondly, I've not seen an equivalent way of message peeking, or even getting the raw socket.

Post not yet marked as solved

Click to stop watching this thread.

You have stopped watching this post. Click to start watching again.

6 Replies

contentPostList.repliesup-voted.tooltip

Replied In sec_protocol_options... detect/bypass?

Correct.I can imagine a solution where I have a TCP server, and when it detects that it's receiving TLS then it starts relaying messages back/forth to a different socket which is a TLS enabled server. So my question becomes, can the new nw_ framework offer a more elegant/efficient solution?

Post marked as solved

Click to stop watching this thread.

You have stopped watching this post. Click to start watching again.

3 Replies

contentPostList.repliessolved.tooltip

Replied In ALPN in SecureTransport

Follow up - I'd just like to say, that was ridiculously easy!I took the "nwcat" example code, monkey patched in my certficate loading code and enabled ALPN via replacing the configure_tls code in the create_and_start_listener() function with:SecIdentityRef identity = ... load the certificate...; sec_protocol_options_set_local_identity(sec_options, sec_identity_create(identity)); sec_protocol_options_add_tls_application_protocol(sec_options, "h2");Connected via safari, and can clearly see that it's sending a http2 connection preface. Thank you.

Post marked as solved

Click to stop watching this thread.

You have stopped watching this post. Click to start watching again.

3 Replies

contentPostList.repliessolved.tooltip

Replied In ALPN in SecureTransport

Thank you, and for the tip where to find the related ALPN API.I'd avoided the new network framework since the docs on the Apple website for this framework are extremely sparse, but I've just now looking at the actual header files and these do have useful documentation in them. Suggest someone updates the online docs ;-)

Post marked as solved

Click to stop watching this thread.

You have stopped watching this post. Click to start watching again.

4 Replies

contentPostList.repliessolved.tooltip

Replied In ALPN support in SecureTransport

What was the reply? I think I'm hitting the same issue.