私はinstantsslからcrtを取得し、opensslを使用して.p12java keytoolを作成し、javaキーストアを作成しました。
openssl pkcs12 -export -in AddTrustExternalCARoot.crt -in UTNAddTrustSGCCA.crt -in ComodoUTNSGCCA.crt -in EssentialSSLCA_2.crt -in www_geobomber_com.crt -inkey www.geobomber.com.key -out www.geobomber.com.p12
keytool -importkeystore -destkeystore www.thedomain.com.jks -srckeystore www.thedomain.com.p12 -srcstoretype PKCS12 -alias 1
私のSSL接続用のiOSプログラムは以下の通りです。それはすべて実行され、問題ないようです。私の最初の質問は、(NSDictionary * settings)が正しく設定されているかどうかです。-SSL接続を成功させるために必要なのはそれだけです。私はiPhoneにcrtsが必要だという印象を受けました。
CFReadStreamRef readStream;
CFWriteStreamRef writeStream;
CFStreamCreatePairWithSocketToHost(NULL, (CFStringRef)@"www.thedomain.com", port, &readStream, &writeStream);
NSInputStream *inputStream = (__bridge_transfer NSInputStream *)readStream;
NSOutputStream *outputStream = (__bridge_transfer NSOutputStream *)writeStream;
[inputStream open];
[outputStream open];
BOOL result = [inputStream setProperty:NSStreamSocketSecurityLevelNegotiatedSSL forKey:NSStreamSocketSecurityLevelKey];
NSLog(@"inputStream result %i",result);
result =[outputStream setProperty:NSStreamSocketSecurityLevelNegotiatedSSL forKey:NSStreamSocketSecurityLevelKey];
NSLog(@"outputStream result %i",result);
if (YES){
NSDictionary *settings = [[NSDictionary alloc] initWithObjectsAndKeys:
[NSNumber numberWithBool:NO], kCFStreamSSLAllowsExpiredCertificates,
[NSNumber numberWithBool:NO], kCFStreamSSLAllowsAnyRoot,
[NSNumber numberWithBool:YES], kCFStreamSSLValidatesCertificateChain,
kCFNull,kCFStreamSSLPeerName,
nil];
CFReadStreamSetProperty((CFReadStreamRef)inputStream, kCFStreamPropertySSLSettings, (CFTypeRef)settings);
CFWriteStreamSetProperty((CFWriteStreamRef)outputStream, kCFStreamPropertySSLSettings, (CFTypeRef)settings);
}
//endstuff
NSString *response = @"hello from iphone stream";
NSData *data = [[NSData alloc] initWithData:[response dataUsingEncoding:NSASCIIStringEncoding]];
NSLog(@"going to try to write.");
[outputStream write:[data bytes] maxLength:[data length]];