Is there a way to tell CFNetwork to send TLS close_notify?

I currently close CFNetwork TLS connections (implemented with CFSocketCreateWithNative, CFStreamCreatePairWithSocket and CFWriteStreamSetProperty(kCFStreamPropertySSLSettings)) by calling CFWriteStreamClose() followed by shutdown() on the underlying socket. The server is complaining that the SSL session has not been closed correctly, i.e. that it has not received a TLS close_notify message. And indeed, when I look at the traffic in Wireshark I don't see such a packet. Similarly, when I look at the traffic from the TLSTool sample app, it appears to send a FIN without first sending a TLS close_notify.


Is there a way to tell CFNetwork to send TLS close_notify?

Replies

This is tricky. You can do the opposite of this (starting a TLS session on a connected socket stream, that is, a STARTTLS) by setting kCFStreamPropertySSLSettings after the open, but you can’t undo this in a similar way (like setting that property to nil).

In theory you should be able to do this with NSURLSessionStreamTask by calling -stopSecureConnection. However, I don’t think that’s implemented properly (r. 30498346).

Weirdly, CFSocketStream seems to have all the infrastructure to make this work, it just doesn’t kick in, and it’s hard to see why not (for an example of the weirdness, CFSocketStream does not call SSLClose when you close the stream, but if you release all of your references to the stream, including those held by the run loop, it does!). If you’d like me to dig into this further, you should open a DTS tech support incident so I can look at it during work hours (-:

You might be able to make this work with something ‘clever’, like:

  1. Get and retain the SSLContext via the kCFStreamPropertySSLContext property
  2. Disconnect the socket stream pair from the underlying BSD Socket, as you’re already doing
  3. Set up new I/O functions on the SSLContextRef
  4. Close the TLS connection by calling SSLClose

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"
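An added illustration of the four-step workaround sketched in the reply above; this is editor-written example code, not Quinn's or Apple's, and it has not been verified against CFSocketStream. It assumes the stream pair was created with kCFStreamPropertyShouldCloseNativeSocket left false (so the fd survives closing the streams), that the SSLContext accepts new I/O functions after the handshake (it checks the return value because it may not), and that the hypothetical callback names are free to use; Secure Transport itself is deprecated in favour of Network.framework.

```objective-c
#import <CoreFoundation/CoreFoundation.h>
#import <Security/SecureTransport.h>
#import <sys/socket.h>
#import <unistd.h>
#import <errno.h>

// Hypothetical I/O callbacks: the "connection" handle is just the BSD socket fd.
// Secure Transport expects errSSLWouldBlock with a shortened *len on partial I/O.
static OSStatus RawSocketRead(SSLConnectionRef conn, void *data, size_t *len) {
    ssize_t n = read((int)(intptr_t)conn, data, *len);
    if (n < 0) { *len = 0; return (errno == EAGAIN) ? errSSLWouldBlock : errSSLClosedAbort; }
    if (n == 0) { *len = 0; return errSSLClosedGraceful; }
    OSStatus st = ((size_t)n < *len) ? errSSLWouldBlock : errSecSuccess;
    *len = (size_t)n;
    return st;
}

static OSStatus RawSocketWrite(SSLConnectionRef conn, const void *data, size_t *len) {
    ssize_t n = write((int)(intptr_t)conn, data, *len);
    if (n < 0) { *len = 0; return (errno == EAGAIN) ? errSSLWouldBlock : errSSLClosedAbort; }
    OSStatus st = ((size_t)n < *len) ? errSSLWouldBlock : errSecSuccess;
    *len = (size_t)n;
    return st;
}

// Hypothetical helper following the four steps from the reply. `fd` is the native
// socket the stream pair was built on and must still be open after the streams close.
// Returns the first failing OSStatus so the caller can see which step refused.
static OSStatus CloseTLSThenSocket(CFReadStreamRef rs, CFWriteStreamRef ws, int fd) {
    // Step 1: the Copy rule hands us our own retained reference to the context.
    SSLContextRef ctx = (SSLContextRef)CFWriteStreamCopyProperty(ws, kCFStreamPropertySSLContext);
    if (ctx == NULL) return errSecParam;

    // Step 2: detach the streams; the retained context object outlives them.
    CFReadStreamClose(rs);
    CFWriteStreamClose(ws);

    // Step 3: repoint the context at the raw socket. A context that rejects new
    // I/O functions on an active session reports errSecBadReq here, so check it.
    OSStatus st = SSLSetIOFuncs(ctx, RawSocketRead, RawSocketWrite);
    if (st == errSecSuccess) st = SSLSetConnection(ctx, (SSLConnectionRef)(intptr_t)fd);

    // Step 4: SSLClose writes the close_notify alert; retry while the socket is busy.
    if (st == errSecSuccess) {
        do { st = SSLClose(ctx); } while (st == errSSLWouldBlock);
    }
    CFRelease(ctx);
    shutdown(fd, SHUT_WR);   // send FIN only after the alert has gone out
    return st;
}
```

Confirm the result the same way the question did: a Wireshark capture of the teardown should now show an Encrypted Alert record before the FIN; if CloseTLSThenSocket returns errSecBadReq at step 3, the context did not accept the new I/O functions and the workaround does not apply.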