I'm using a self-signed certificate on the server side, created with openssl, and I want to get the certificate on the client side during the SSL handshake.
Here is my iOS application code for trusting it:
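/// Opens a TLS-protected socket pair to `adress`:`port` and schedules both streams on the main run loop.
///
/// Automatic chain validation is switched off (`kCFStreamSSLValidatesCertificateChain: false`) so that
/// the peer's chain can be evaluated against the private CA in `stream(_:handle:)`. Until that manual
/// evaluation succeeds, nothing must be written to `outputStream` — the streams are otherwise unverified.
/// - Parameters:
///   - adress: Host name or IP address of the server. It is also recorded as the expected peer name so
///     the peer trust's SSL policy can check the certificate's name; the server certificate's SAN must
///     therefore cover this value.
///   - port: TCP port of the server.
func setupNetworkCommunication(adress: String, port: Int) {
    CFStreamCreatePairWithSocketToHost(kCFAllocatorDefault,
                                       adress as CFString,
                                       UInt32(port),
                                       &readStream,
                                       &writeStream)
    // Pair creation can leave either stream nil; fail loudly instead of crashing on `!`.
    guard let unmanagedRead = readStream, let unmanagedWrite = writeStream else {
        print("Failed to create socket streams")
        return
    }
    inputStream = unmanagedRead.takeRetainedValue()
    outputStream = unmanagedWrite.takeRetainedValue()
    guard let input = inputStream, let output = outputStream else {
        print("Failed to create socket streams")
        return
    }

    inputDelegate = self
    outputDelegate = self
    input.delegate = inputDelegate
    output.delegate = outputDelegate
    input.schedule(in: RunLoop.main, forMode: RunLoopMode.defaultRunLoopMode)
    output.schedule(in: RunLoop.main, forMode: RunLoopMode.defaultRunLoopMode)

    input.setProperty(kCFStreamSocketSecurityLevelNegotiatedSSL, forKey: Stream.PropertyKey.socketSecurityLevelKey)
    output.setProperty(kCFStreamSocketSecurityLevelNegotiatedSSL, forKey: Stream.PropertyKey.socketSecurityLevelKey)

    let sslSettings: [NSString: Any] = [
        // The built-in check is replaced by the manual evaluation in `stream(_:handle:)`.
        NSString(format: kCFStreamSSLValidatesCertificateChain): kCFBooleanFalse,
        // Previously `kCFNull`, which disables host-name checking entirely; keep the expected host
        // so the manual evaluation can reject a certificate issued for a different name.
        NSString(format: kCFStreamSSLPeerName): adress as NSString,
        NSString(format: kCFStreamSSLIsServer): kCFBooleanFalse
    ]
    input.setProperty(sslSettings, forKey: kCFStreamPropertySSLSettings as Stream.PropertyKey)
    output.setProperty(sslSettings, forKey: kCFStreamPropertySSLSettings as Stream.PropertyKey)

    input.open()
    output.open()
}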
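/// Stream delegate callback.
///
/// The server's chain is evaluated against the private CA on `hasSpaceAvailable`, and an untrusted
/// peer closes both streams so that no application data is ever sent over an unverified session.
/// The original code only printed the verdict and kept the connection open.
/// - Parameters:
///   - aStream: The stream that produced the event (not used; both streams share one TLS session).
///   - eventCode: The event being reported.
func stream(_ aStream: Stream, handle eventCode: Stream.Event) {
    switch eventCode {
    case .endEncountered:
        print("End Encountered")
    case .openCompleted:
        print("Open Completed")
    case .hasSpaceAvailable:
        print("Has Space Available")
        // NOTE(review): assumes the first hasSpaceAvailable arrives once the handshake has
        // completed, which is when the peer trust property becomes available — confirm.
        if verifyPeerTrust() {
            print("Peer is trusted :)")
        } else {
            print("Peer is not trusted :(")
            closeStreams()
        }
    case .hasBytesAvailable:
        print("Has Bytes Available")
    case .errorOccurred:
        print("Error Occured")
    default:
        print("Default")
    }
}

/// Evaluates the peer certificate chain exposed by the input stream against the `ca_server.`
/// certificate stored in the keychain.
///
/// Both streams were created from one socket, so the output stream presumably carries the same
/// TLS session; only the input stream's trust object is evaluated here.
/// - Returns: `true` only when a trust object is present, the CA could be loaded, and evaluation
///   yields `.proceed` or `.unspecified`. Any missing piece is treated as untrusted (fail closed).
private func verifyPeerTrust() -> Bool {
    // `property(forKey:)` returns `Any?`; the original cast is kept (nil when the property is absent).
    guard let trust = inputStream?.property(forKey: kCFStreamPropertySSLPeerTrust as Stream.PropertyKey) as! SecTrust? else {
        print("INPUT TRUST NIL")
        return false
    }
    // The leaf (index 0) is the server's own certificate; logging its subject answers
    // "which certificate did the server present" without trusting it yet.
    if SecTrustGetCertificateCount(trust) > 0,
       let leaf = SecTrustGetCertificateAtIndex(trust, 0),
       let subject = SecCertificateCopySubjectSummary(leaf) {
        print("Server certificate subject: \(subject)")
    }
    guard let rootCert = Crypto.getCertificateFromKeychaine(certificateName: "ca_server.") else {
        print("CA certificate not found in keychain")
        return false
    }
    // `SecTrust` is a reference type; the anchor is set in place.
    _ = addAnchorToTrust(trust: trust, certificate: rootCert)

    var result = SecTrustResultType.invalid
    let status = SecTrustEvaluate(trust, &result)
    guard status == errSecSuccess else {
        print("Evaluation Failed: \(status)")
        return false
    }
    return result == .proceed || result == .unspecified
}

/// Tears down both streams after a failed peer verification so the session cannot be used.
private func closeStreams() {
    inputStream?.close()
    outputStream?.close()
    inputStream?.remove(from: RunLoop.main, forMode: RunLoopMode.defaultRunLoopMode)
    outputStream?.remove(from: RunLoop.main, forMode: RunLoopMode.defaultRunLoopMode)
}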
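/// Makes `certificate` the only anchor accepted when `trust` is evaluated.
///
/// Setting anchors replaces the system roots for this trust object, so a chain ending in a public
/// CA is no longer accepted — intended here, since only the private CA should vouch for the server.
/// `SecTrust` is a reference type: the object is modified in place and returned for convenience.
/// - Parameters:
///   - trust: Peer trust object obtained from the stream.
///   - certificate: The CA certificate to pin as the anchor.
/// - Returns: The same `trust` object. If anchoring fails the status is logged and the previous
///   anchors remain, so a chain from the private CA evaluates as untrusted (fail closed) rather
///   than silently passing.
@discardableResult
fileprivate func addAnchorToTrust(trust: SecTrust, certificate: SecCertificate) -> SecTrust {
    let anchors = [certificate] as CFArray
    // The original ignored this status; a failed call would leave the trust unpinned.
    let status = SecTrustSetAnchorCertificates(trust, anchors)
    guard status == errSecSuccess else {
        print("SecTrustSetAnchorCertificates failed: \(status)")
        return trust
    }
    // Explicitly refuse to fall back to the system roots.
    _ = SecTrustSetAnchorCertificatesOnly(trust, true)
    return trust
}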
I want to know if there is any method to get the server certificate before trusting it.