Get the server's self-signed certificate during SSL trust evaluation in an iOS application over a TCP socket

I'm using a self-signed certificate on the server side, created with openssl. I want to get that certificate on the client side during the SSL handshake.

Here is my iOS application code for the trust evaluation:

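/// Creates a socket stream pair to `adress`:`port`, enables TLS on it with the
/// built-in certificate checks switched off, and opens both streams on the main run loop.
///
/// Security note: `kCFStreamSSLValidatesCertificateChain` is false and
/// `kCFStreamSSLPeerName` is null, so the stream layer itself accepts any server
/// certificate and checks no host name. The trust evaluation done in the stream
/// delegate is therefore the only certificate check on this connection; it has to
/// run before any application data is written and has to close the streams when
/// the peer is rejected.
///
/// - Parameters:
///   - adress: Host name or IP address of the server.
///   - port: TCP port of the server.
func setupNetworkCommunication(adress:String, port: Int) {
        CFStreamCreatePairWithSocketToHost(kCFAllocatorDefault,
                                           adress as CFString,
                                           UInt32(port),
                                           &readStream,
                                           &writeStream)

        // The out-parameters are optionals: bail out instead of crashing on a
        // force-unwrap when either stream was not produced.
        guard let readRef = readStream, let writeRef = writeStream else {
            print("Stream pair creation failed")
            return
        }

        inputStream = readRef.takeRetainedValue()
        outputStream = writeRef.takeRetainedValue()

        guard let input = inputStream, let output = outputStream else {
            print("Stream pair creation failed")
            return
        }

        // Configure TLS before anything is scheduled or opened, and keep the
        // Bool results: an ignored failure here would leave the socket in clear text.
        let levelOnInput = input.setProperty(kCFStreamSocketSecurityLevelNegotiatedSSL, forKey: Stream.PropertyKey.socketSecurityLevelKey)
        let levelOnOutput = output.setProperty(kCFStreamSocketSecurityLevelNegotiatedSSL, forKey: Stream.PropertyKey.socketSecurityLevelKey)

        let sslSettings : [NSString: Any] = [
            // Built-in chain validation is off so that a self-signed server
            // certificate can be checked manually against a pinned anchor.
            NSString(format: kCFStreamSSLValidatesCertificateChain): kCFBooleanFalse,
            // A null peer name turns off host name verification.
            NSString(format: kCFStreamSSLPeerName): kCFNull,
            NSString(format: kCFStreamSSLIsServer): kCFBooleanFalse
        ]

        let settingsOnInput = input.setProperty(sslSettings, forKey: kCFStreamPropertySSLSettings as Stream.PropertyKey)
        let settingsOnOutput = output.setProperty(sslSettings, forKey: kCFStreamPropertySSLSettings as Stream.PropertyKey)

        // NOTE(review): both streams wrap the same socket, so a setting accepted
        // by either stream is treated as applied; confirm on the target OS.
        guard (levelOnInput || levelOnOutput) && (settingsOnInput || settingsOnOutput) else {
            print("TLS could not be enabled on the stream pair")
            return
        }

        inputDelegate = self
        outputDelegate = self

        input.delegate = inputDelegate
        output.delegate = outputDelegate

        input.schedule(in:RunLoop.main, forMode: RunLoopMode.defaultRunLoopMode)
        output.schedule(in:RunLoop.main, forMode: RunLoopMode.defaultRunLoopMode)

        input.open()
        output.open()
    }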
    
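    /// Stream delegate callback: logs every event and, once the output side can
    /// accept data, evaluates the server's trust object against the pinned root
    /// certificate stored in the keychain.
    ///
    /// The connection is closed unless the evaluation both succeeds and yields
    /// `.proceed` or `.unspecified`. A failed `SecTrustEvaluate` call, a missing
    /// trust object and a missing pinned certificate are all treated as
    /// "not trusted", so an error can never be mistaken for success.
    ///
    /// - Parameters:
    ///   - aStream: The stream that raised the event.
    ///   - eventCode: The event being reported.
    func stream(_ aStream: Stream, handle eventCode: Stream.Event) {
        switch eventCode {
        case Stream.Event.endEncountered:
            print("End Encountered")
        case Stream.Event.openCompleted:
            print("Open Completed")
        case Stream.Event.hasSpaceAvailable:
            print("Has Space Available")
            let sslTrustInput: SecTrust? = inputStream?.property(forKey:kCFStreamPropertySSLPeerTrust as Stream.PropertyKey) as! SecTrust?
            let sslTrustOutput: SecTrust? = outputStream?.property(forKey:kCFStreamPropertySSLPeerTrust as Stream.PropertyKey) as! SecTrust?

            print(sslTrustInput == nil ? "INPUT TRUST NIL" : "INPUT TRUST NOT NIL")
            print(sslTrustOutput == nil ? "OUTPUT TRUST NIL" : "OUTPUT TRUST NOT NIL")

            // The server's own (leaf) certificate can be read from the trust
            // object with SecTrustGetCertificateAtIndex(trust, 0) if it has to
            // be inspected before the evaluation below.
            var peerIsTrusted = false

            if let inputTrust = sslTrustInput,
               let rootCert: SecCertificate = Crypto.getCertificateFromKeychaine(certificateName: "ca_server.") {
                let anchoredTrust = addAnchorToTrust(trust: inputTrust, certificate: rootCert)
                if let outputTrust = sslTrustOutput {
                    _ = addAnchorToTrust(trust: outputTrust, certificate: rootCert)
                }

                // Start from .invalid: if the call fails and leaves `result`
                // untouched, the value must not look like a positive verdict.
                var result: SecTrustResultType = SecTrustResultType.invalid
                let status: OSStatus = SecTrustEvaluate(anchoredTrust, &result)

                if status != noErr {
                    print("Evaluation Failed")
                } else if result == SecTrustResultType.proceed || result == SecTrustResultType.unspecified {
                    peerIsTrusted = true
                }
            }

            // NOTE(review): the stream was opened with a null peer name, so no
            // host name is checked; any certificate that chains to the pinned
            // anchor is accepted. Add a host-name policy to the trust object if
            // that is too broad for the deployment.
            if peerIsTrusted {
                print("Peer is trusted :)")
            } else {
                print("Peer is not trusted :(")
                // Fail closed: built-in validation is disabled on these streams,
                // so this is the only place an untrusted server can be cut off.
                inputStream?.close()
                outputStream?.close()
            }
        case Stream.Event.hasBytesAvailable:
            print("Has Bytes Available")
        case Stream.Event.errorOccurred:
            print("Error Occured")
        default:
            print("Default")
        }
    }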
    
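   /// Installs `certificate` as the anchor (root) used when `trust` is evaluated
   /// and returns the same trust object.
   ///
   /// After `SecTrustSetAnchorCertificates`, only the supplied anchors are trusted
   /// unless `SecTrustSetAnchorCertificatesOnly` is called to re-enable the system
   /// roots, which is the behaviour wanted for pinning a self-signed root.
   ///
   /// - Parameters:
   ///   - trust: The trust object to modify.
   ///   - certificate: The pinned root certificate.
   /// - Returns: `trust`, for call-site convenience.
   fileprivate func addAnchorToTrust(trust: SecTrust, certificate: SecCertificate) -> SecTrust {
        let status: OSStatus = SecTrustSetAnchorCertificates(trust, [certificate] as CFArray)

        // The status used to be discarded. A failure leaves the anchor
        // uninstalled, so make it visible instead of silently continuing.
        if status != errSecSuccess {
            print("Setting anchor certificate failed: \(status)")
        }

        return trust
    }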


I want to know if there is any method to get the server certificate before trusting it?

Replies

Not tested. But a quick search shows ways to get server certificate. Does that work for you ?

Demonstrates how to connect to an SSL server and verify its SSL certificate.


https://www.example-code.com/swift/ssl_verify_server_certificate.asp

Thank you for your answer,

I saw this code before, but my question is "if there is a method using the security framework" ?