Closed yesitsdave closed 8 years ago
This fixed the connection problem to wss for me as well.
@yesitsdave @tomasharkema the correct solution is to implement and respond to the webSocket:evaluateServerTrust: method. If you're connecting to a "wss" server you should not ignore validating the certificate chain, and if you are using a self-signed certificate you should ensure you evaluate it against a local public cert copy.
If you fail to do this you probably would be just as well off sending over ws:// as the security of the connection is already faulty.
@yesitsdave @tomasharkema it does appear there is a bug in the implementation of TLS, I'll try and sort this out in the next day or two.
@robertjpayne Yes I see, probably it also needs a warning / default failure in the case that validation should be performed?
@yesitsdave @tomasharkema hey for both of you I fixed some critical errors in how custom SSL negotiation was handled. This is now in master/develop and it's pushing to cocoapods as we speak.
The delegate method now works as intended and you only need to return YES to have the SSL connection continue. I would only recommend custom validation if the certificate cannot be validated by iOS itself. Secondly, I would not recommend blindly accepting any certificate; you should use the SecTrust methods to evaluate the trustworthiness of the certificate.
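One way to do the SecTrust evaluation recommended above for a self-signed server, checking the chain against a local copy of the certificate (an added example, not part of the original thread or the library's code). The class `PinnedTrustDelegate`, its two properties and the callback's parameter types are assumptions; `SecTrustEvaluateWithError` needs iOS 12 / macOS 10.14 or later.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Evaluate `trust` with the bundled certificate as the ONLY trusted anchor,
// and require the certificate to match `host`. Fails closed on any error.
static BOOL EvaluateTrustAgainstPinnedCert(SecTrustRef trust, NSData *pinnedDER, NSString *host) {
    if (trust == NULL || pinnedDER.length == 0 || host.length == 0) {
        return NO;
    }
    SecCertificateRef pinned =
        SecCertificateCreateWithData(NULL, (__bridge CFDataRef)pinnedDER);
    if (pinned == NULL) {
        return NO; // bundled file is not a valid DER certificate
    }
    BOOL ok = NO;
    // SSL server policy: also checks that the certificate is issued for `host`.
    SecPolicyRef policy = SecPolicyCreateSSL(true, (__bridge CFStringRef)host);
    NSArray *anchors = @[(__bridge id)pinned];
    if (SecTrustSetPolicies(trust, policy) == errSecSuccess &&
        SecTrustSetAnchorCertificates(trust, (__bridge CFArrayRef)anchors) == errSecSuccess &&
        // Ignore the system root store: only the pinned certificate may anchor the chain.
        SecTrustSetAnchorCertificatesOnly(trust, true) == errSecSuccess) {
        CFErrorRef error = NULL;
        ok = SecTrustEvaluateWithError(trust, &error);
        if (error != NULL) {
            NSLog(@"Server trust rejected: %@", (__bridge NSError *)error);
            CFRelease(error);
        }
    }
    CFRelease(policy);
    CFRelease(pinned);
    return ok;
}

// Hypothetical delegate object (compile with ARC).
@interface PinnedTrustDelegate : NSObject
@property (nonatomic, copy) NSData *pinnedCertDER;   // DER copy of the server certificate
@property (nonatomic, copy) NSString *expectedHost;  // host name the socket connects to
@end

@implementation PinnedTrustDelegate
// Callback named in the thread; the parameter types are assumed here.
- (BOOL)webSocket:(id)webSocket evaluateServerTrust:(SecTrustRef)trust {
    return EvaluateTrustAgainstPinnedCert(trust, self.pinnedCertDER, self.expectedHost);
}
@end
```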
@robertjpayne Awesome thanks!
I'm not 100% sure if this is the correct approach, but it fixed my problem connecting to wss sockets due to an unimplemented webSocket:evaluateServerTrust: always failing and kCFStreamSSLValidatesCertificateChain being set to NO.