Currently, we are developing a macOS application, and the app can connect successfully to a server "X.X.X.X:YYYY" using NWConnection with default TCP options and no TLS.

Note: the host name is given without any "http/https" or "ws/wss" prefix. If we add one of them before the host name, the connection fails.

After the client connects to the server, the server sends the client a message that contains "TLS". We have two certificate files from the server, so how can we set up the connection with those certificates for the SSL handshake after the connection has been established?

We have an MFC app that uses the logic described below:

  1. Open a socket with TCP.
  2. Get the message received from the server.
  3. Get Handshake context if the message contains "TLS", Client credentials.
  4. Perform the client handshake with the context above.
  5. Verify the server CA with the *.der and *.cer formats.

Is there any solution for this case? I have tried several guidelines on Stack Overflow, but they either don't work or are deprecated.

For the Certificate Authority, I used these lines of code to add it to the keychain for testing:

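    import Foundation
    import Security

    let rootCertPath = "***/enterprise_der.cer"
    let rootCertData = NSData(contentsOfFile: rootCertPath)
    // Parse the DER-encoded file into a SecCertificate (nil if the data is not valid DER)
    let rootCert = SecCertificateCreateWithData(kCFAllocatorDefault, rootCertData! as CFData)
    // Keychain attributes: store the certificate as a kSecClassCertificate item
    let dict: [String: Any] = [kSecClass as String: kSecClassCertificate, kSecValueRef as String: rootCert!]

    // OSStatus result; errSecSuccess means the item was added
    let err = SecItemAdd(dict as CFDictionary, nil)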

The CA is automatically added to the login keychain.

I have tried to use the following:

    let tlsOptions = NWProtocolTLS.Options()
    sec_protocol_options_set_min_tls_protocol_version(
        tlsOptions.securityProtocolOptions,
        .TLSv12)

but my app does not connect to the IP at all.

    func connect(toHost host: String, port: UInt16 = broadcastPort) {
        // Plain TCP: passing tls: nil means no TLS is negotiated on this connection
        connection = NWConnection(host: .init(host), port: .init(integerLiteral: port), using: NWParameters(tls: nil, tcp: .init()))
        connection?.stateUpdateHandler = { ... }
        self.connection?.start(queue: .main)
    }
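
An added example, not part of the original post: one way to make an NWConnection trust only the enterprise CA from the DER file, without importing it into the login keychain. It covers a connection that negotiates TLS from the first byte, not an upgrade of an already-open plaintext connection. The function name `makePinnedTLSParameters`, the error type and the port value are assumptions.

```swift
import Foundation
import Network
import Security

// Hypothetical error type for this example.
enum PinnedTLSError: Error { case unreadableCertificate(String) }

/// Builds NWParameters whose TLS trust evaluation accepts only chains that
/// terminate at the DER-encoded CA certificate stored at `caPath`.
func makePinnedTLSParameters(caPath: String) throws -> NWParameters {
    guard let der = FileManager.default.contents(atPath: caPath),
          let ca = SecCertificateCreateWithData(nil, der as CFData) else {
        throw PinnedTLSError.unreadableCertificate(caPath)
    }

    let tls = NWProtocolTLS.Options()
    sec_protocol_options_set_min_tls_protocol_version(tls.securityProtocolOptions, .TLSv12)

    // Custom verification: runs once per handshake with the server's chain.
    sec_protocol_options_set_verify_block(tls.securityProtocolOptions, { _, secTrust, complete in
        let trust = sec_trust_copy_ref(secTrust).takeRetainedValue()
        // Replace the system anchors with the enterprise CA only.
        guard SecTrustSetAnchorCertificates(trust, [ca] as CFArray) == errSecSuccess,
              SecTrustSetAnchorCertificatesOnly(trust, true) == errSecSuccess else {
            complete(false)
            return
        }
        // The trust object's existing policies are left unchanged.
        var error: CFError?
        let trusted = SecTrustEvaluateWithError(trust, &error)
        if !trusted {
            NSLog("TLS trust evaluation failed: \(String(describing: error))")
        }
        complete(trusted) // false aborts the handshake
    }, DispatchQueue.global(qos: .userInitiated))

    return NWParameters(tls: tls, tcp: NWProtocolTCP.Options())
}

// Usage (path and host as written in the post; 1234 is a placeholder port):
// let params = try makePinnedTLSParameters(caPath: "***/enterprise_der.cer")
// let connection = NWConnection(host: "X.X.X.X", port: 1234, using: params)
```

Because the anchor is set per connection, the CA is not trusted by any other connection or application, unlike a certificate added to the keychain and marked as trusted.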
