Hi,
I tried to implement a connection between a iOS-App (iOS 9 /10) and a TCP-server with TLS 1.2 by using a real certificate for testing, not a self signed.
As you can see in the code, I use NSStream for the data transfer between the server and the app.
CFReadStreamRef readStream;
CFWriteStreamRef writeStream;
CFDictionaryRef sslSettingsDict;
CFStreamCreatePairWithSocketToHost(NULL, (__bridge CFStringRef)ns_IP, ui_Port, &readStream, &writeStream);
inputStream = (__bridge NSInputStream *)readStream;
outputStream = (__bridge NSOutputStream *)writeStream;
[inputStream setDelegate:(id)self];
[outputStream setDelegate:(id)self];
[inputStream scheduleInRunLoop:[NSRunLoop currentRunLoop] forMode:NSDefaultRunLoopMode];
[outputStream scheduleInRunLoop:[NSRunLoop currentRunLoop] forMode:NSDefaultRunLoopMode];
const void* keys[] = { kCFStreamSSLLevel, kCFStreamPropertyShouldCloseNativeSocket};
const void* values[] = { CFSTR("kCFStreamSocketSecurityLevelTLSv1_2"), CFSTR("kCFBooleanTrue") };
sslSettingsDict = CFDictionaryCreate(kCFAllocatorDefault, keys, values, 2,
&kCFTypeDictionaryKeyCallBacks,
&kCFTypeDictionaryValueCallBacks);
CFReadStreamSetProperty(readStream, kCFStreamPropertySSLSettings, sslSettingsDict);
CFWriteStreamSetProperty(writeStream, kCFStreamPropertySSLSettings, sslSettingsDict);
CFRelease(sslSettingsDict);
[inputStream open];
[outputStream open];
We tried several settings on the server. First step was that the client verifies the certificate from the server. That was ok with my code.
In the second step the server expects a certificate from the client. But now I get the error CFNetwork SSLHandshake failed (-9824 -> -9829).
I added NSAllowsArbitraryLoads to my Info.plist, but that doesn't make a difference.
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
Thanks for the help 🙂