thrift-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ted Rogers" <tedro...@gmail.com>
Subject RE: iOS SSL Thrift Connection
Date Tue, 31 Dec 2013 20:23:11 GMT
Jools,

Thanks for your help.

I do have another question.  I have been searching for examples of setting
up SSL with sockets on iOS and they all have similar code which concerns me
because it seems to reduce the security.

After setting the NSStreamSocketSecurityLevelKey property, they also
configure these settings like this:

NSDictionary *settings = [[NSDictionary alloc] initWithObjectsAndKeys:
                          [NSNumber numberWithBool:YES],
kCFStreamSSLAllowsExpiredCertificates,
                          [NSNumber numberWithBool:YES],
kCFStreamSSLAllowsAnyRoot,
                          [NSNumber numberWithBool:NO],
kCFStreamSSLValidatesCertificateChain,
                          kCFNull,kCFStreamSSLPeerName,
                          nil];
CFReadStreamSetProperty((CFReadStreamRef)inputStream,
kCFStreamPropertySSLSettings, (CFTypeRef)settings);
CFWriteStreamSetProperty((CFWriteStreamRef)outputStream,
kCFStreamPropertySSLSettings, (CFTypeRef)settings);

Do you know whether I should be messing with any of these settings or just
leave them at their default value?

Ted

-----Original Message-----
From: Jools [mailto:joolski@gmail.com] 
Sent: Tuesday, December 31, 2013 1:33 AM
To: user@thrift.apache.org
Subject: Re: iOS SSL Thrift Connection

Ted,

I'm still using .6, as we've hacked it about so much I've not had time to
merge my changes forward.

I was just curious which version you are using.

Best of luck, if you hit any issues post back here and I'm sure we'll be
able to help.

Cheers,

--Jools



On 30 December 2013 21:52, Ted Rogers <tedrog36@gmail.com> wrote:

> Jools,
>
> Not sure of current version as I can't find the version number in the 
> source or headers but I figured I would make sure I was using the 
> latest which I believe is 0.9.1.
>
> Is there a reason to do more than setting the stream properties?
>
> Ted
>
> -----Original Message-----
> From: Jools [mailto:joolski@gmail.com]
> Sent: Monday, December 30, 2013 3:01 PM
> To: user@thrift.apache.org
> Subject: Re: iOS SSL Thrift Connection
>
> Hi Ted,
>
> Yes, you can alter the stream properties to introduce SSL handshaking.
>
> Which version of thrift are you using ?
>
> --Jools
>
>
>
>
> On 30 December 2013 19:31, Ted Rogers <tedrog36@gmail.com> wrote:
>
> > Jools,
> >
> > Thanks for the response.  I am also using TNSFramedTransport.  I 
> > inherited this code so I am hanging on by my fingertips. :) After 
> > doing some more research I was wondering whether it was enough to 
> > just set the security level on the streams before opening them by 
> > setting the NSStreamSocketSecurityLevelKey and 
> > kCFStreamPropertySSLSettings properties on the streams in TSocketClient.
> > I assume that is not enough?
> > Ted
> >
> >
> >
> >
> >
> >
> >
> > On Mon, Dec 30, 2013 at 2:11 PM, Jools <joolski@gmail.com> wrote:
> >
> > > Hi Ted,
> > >
> > > I hit this exact problem a while back, and ended up creating a my 
> > > own transport using GCDAsyncSocket, as I also needed SSL support 
> > > along with Framed Transport.
> > >
> > > See https://github.com/robbiehanson/CocoaAsyncSocket for more
> > information
> > > on this rather nifty library.
> > >
> > > If you'd like access to the code, let me know and I'd be happy to 
> > > post it up.
> > >
> > > Regards,
> > >
> > > --Kools
> > >
> > >
> > > On 30 December 2013 17:07, Ted Rogers <tedrog36@gmail.com> wrote:
> > >
> > > >
> > > > I'm looking to secure an existing Thrift connection using SSL.  
> > > > I see libraries for doing this with Java using 
> > > > TSSLTransportFactory but I
> > don't
> > > > see any Cocoa source for this.
> > > >
> > > > Any suggestions on how I go about doing this?
> > > >
> > > > Ted
> > >
> >
>
>


Mime
View raw message