By adding the regular kCFStreamSSLValidatesCertificateChain, kCFStreamSSLAllowsAnyRoot, etc. to the kCFStreamPropertySSLSettings dictionary, I can make server and client authentication work.
However, I do not see how I can get this finer-grained; i.e.:
- a server / CA certificate never seen before, and escalation of its adoption to the user.
- check the certificate of the server I'm connected to against a narrow trust list (for example, a certificate received during a previous connection).
That is, what I'm looking for is 1) something like SSLSetTrustedRoots() on Mac OS X and 2) something like error / domain callbacks in kCFStreamErrorDomainSSL (e.g. errSSLPeerCertUnknown) - neither of which seems specific / accessible on iPad / iPhone 4.2.1.
Or am I missing something? Or do I need to do something explicit in the callback? Examples are appreciated (the AdvancedURLConnections example is not entirely applicable - I have a raw (IRC) socket).
Thanks,
Dw.