zwopple / PocketSocket

Objective-C websocket library for building things that work in realtime on iOS and OS X.

Only attempt custom SSL evaluation if webSocket:evaluateServerTrust: is implemented in the delegate #44

Closed yesitsdave closed 8 years ago

yesitsdave commented 8 years ago

I'm not 100% sure if this is the correct approach, but it fixed my problem connecting to wss sockets due to an unimplemented webSocket:evaluateServerTrust: always failing and kCFStreamSSLValidatesCertificateChain being set to NO.

tomasharkema commented 8 years ago

This fixed the connection problem to wss for me as well.

robertjpayne commented 8 years ago

@yesitsdave @tomasharkema the correct solution is to implement and respond to the webSocket:evaluateServerTrust: method. If you're connecting to a "wss" server you should not ignore validating the certificate chain, and if you are using a self-signed certificate you should ensure you evaluate it against a local public cert copy.

If you fail to do this you probably would be just as well off sending over ws:// as the security of the connection is already faulty.

robertjpayne commented 8 years ago

@yesitsdave @tomasharkema it does appear there is a bug in the implementation of TLS, I'll try and sort this out in the next day or two.

yesitsdave commented 8 years ago

@robertjpayne Yes I see, probably it also needs a warning / default failure in the case that validation should be performed?

robertjpayne commented 8 years ago

@yesitsdave @tomasharkema hey for both of you I fixed some critical errors in how custom SSL negotiation was handled. This is now in master/develop and it's pushing to cocoapods as we speak.

The delegate method now works as intended and you only need to return YES to have the SSL connection continue. I would only recommend custom validation if the certificate cannot be validated by iOS itself. Secondly, I would not recommend blindly accepting any certificate; you should use the SecTrust methods to evaluate the trustworthiness of the certificate.
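
One way to implement the delegate method the way robertjpayne describes, as an added example that is not part of the PocketSocket project or of this thread: it evaluates the SecTrustRef against a copy of the server's certificate bundled with the app and returns YES only when the chain validates against that single anchor and the presented leaf matches the pin byte for byte. The header name, the delegate class, the host name and the pin file name are assumptions.

```objc
#import <Security/Security.h>
#import "PSWebSocket.h"   // assumed header for the PocketSocket delegate protocol

// Hypothetical delegate class, not part of PocketSocket. It pins the connection to a DER
// copy of the server's certificate shipped in the app bundle as "pinned-server.cer".
@implementation PinnedSocketDelegate

- (BOOL)webSocket:(PSWebSocket *)webSocket evaluateServerTrust:(SecTrustRef)trust {
    // Load the bundled public certificate we are willing to trust.
    NSURL *certURL = [[NSBundle mainBundle] URLForResource:@"pinned-server" withExtension:@"cer"];
    NSData *pinnedDER = certURL ? [NSData dataWithContentsOfURL:certURL] : nil;
    if (pinnedDER.length == 0) {
        return NO;                          // no pin available: fail closed
    }
    SecCertificateRef pinnedCert = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)pinnedDER);
    if (pinnedCert == NULL) {
        return NO;                          // malformed pin file: fail closed
    }

    // Evaluate the chain under an SSL policy that also checks the host name, using ONLY the
    // bundled certificate as anchor. This is what makes a self-signed server cert acceptable
    // without disabling chain validation altogether.
    SecPolicyRef policy = SecPolicyCreateSSL(true, CFSTR("ws.example.test"));   // assumed host
    SecTrustSetPolicies(trust, policy);
    SecTrustSetAnchorCertificates(trust, (__bridge CFArrayRef)@[(__bridge id)pinnedCert]);
    SecTrustSetAnchorCertificatesOnly(trust, true);

    SecTrustResultType result = kSecTrustResultInvalid;
    OSStatus status = SecTrustEvaluate(trust, &result);
    BOOL chainTrusted = (status == errSecSuccess) &&
        (result == kSecTrustResultUnspecified || result == kSecTrustResultProceed);

    // Additionally require that the leaf the server presented is exactly the pinned cert.
    BOOL leafMatches = NO;
    if (chainTrusted && SecTrustGetCertificateCount(trust) > 0) {
        SecCertificateRef leaf = SecTrustGetCertificateAtIndex(trust, 0);
        NSData *leafDER = CFBridgingRelease(SecCertificateCopyData(leaf));
        leafMatches = [leafDER isEqualToData:pinnedDER];
    }

    CFRelease(policy);
    CFRelease(pinnedCert);
    return chainTrusted && leafMatches;     // YES lets PocketSocket continue the handshake
}

@end
```

Rotating the server certificate requires shipping a new pin file, so keep the pin on the server's own certificate only when you control its renewal; otherwise pin an intermediate or root you bundle and drop the leaf comparison.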

yesitsdave commented 8 years ago

@robertjpayne Awesome thanks!