iOS: Network SSL相关问题

问题引自：点击打开链接

http://stackoverflow.com/questions/9874932/ssl-identity-certificate-to-run-an-https-server-on-ios

http://stackoverflow.com/questions/26592389/ios-creating-a-server-socket-for-mutual-ssl-authentication-using-gcdasyncsocket

http://stackoverflow.com/questions/28407397/objective-c-eveluate-server-certificate-signed-by-our-own-pki-root-ca-on-tls

Apple Doc

https://developer.apple.com/library/ios/documentation/Security/Conceptual/CertKeyTrustProgGuide/iPhone_Tasks/iPhone_Tasks.html#//apple_ref/doc/uid/TP40001358-CH208-SW13

SSL Identity Certificate to run an HTTPS Server on iOS

up vote 3 down vote favorite 3

I'm trying to build an HTTPS server in an iOS app, in order to act as a proxy between my web-app and my external server. I have managed to make an HTTP server by listening to a socket, either thanks to CFSocketRef or using the GCDAsyncSocket library. I have also succeed to make a Mac app running an HTTPS server, using the GCDAsyncSocket library and thanks to my method "secureSocket:" below which secures the connection: - (void)socket:(GCDAsyncSocket *)sock didAcceptNewSocket:(GCDAsyncSocket *)newSocket { // (...) // secure the connection [self secureSocket:newSocket]; // (...) } - (void)secureSocket:(GCDAsyncSocket *)sock { // The root self-signed certificate I have created NSString *certificatePath = [[NSBundle mainBundle] pathForResource:@"certificate" ofType:@"cer"]; NSData *certData = [[NSData alloc] initWithContentsOfFile:certificatePath]; CFDataRef certDataRef = (CFDataRef)certData; SecCertificateRef cert = SecCertificateCreateWithData(NULL, certDataRef); [certData release]; // the "identity" certificate SecIdentityRef identityRef; SecIdentityCreateWithCertificate(NULL, cert, &identityRef); // the certificates array, containing the identity then the root certificate NSArray *certs = [[NSArray alloc] initWithObjects:(id)identityRef, (id)cert, nil]; // the SSL configuration NSMutableDictionary *settings = [NSMutableDictionary dictionaryWithCapacity:3]; [settings setObject:[NSNull null] forKey:(NSString *)kCFStreamSSLPeerName]; [settings setObject:[NSNumber numberWithBool:YES] forKey:(NSString *)kCFStreamSSLAllowsAnyRoot]; [settings setObject:[NSNumber numberWithBool:YES] forKey:(NSString *)kCFStreamSSLAllowsExpiredRoots]; [settings setObject:[NSNumber numberWithBool:YES] forKey:(NSString *)kCFStreamSSLAllowsExpiredCertificates]; [settings setObject:[NSNumber numberWithBool:NO] forKey:(NSString *)kCFStreamSSLValidatesCertificateChain]; [settings setObject:(NSString *)kCFStreamSocketSecurityLevelNegotiatedSSL forKey:(NSString*)kCFStreamSSLLevel]; [settings setObject:certs forKey:(NSString *)kCFStreamSSLCertificates]; [settings setObject:[NSNumber numberWithBool:YES] forKey:(NSString *)kCFStreamSSLIsServer]; [sock startTLS:settings]; [certs release]; } The certificate I'm using is a self-signed server SSL certificate I have created with Keychain Access. So I understand that I have to give the system a configuration set with an array containing an identity and a certificate. And it works fine on my Mac app. The problem is to enable the SSL on the HTTP server of my iOS app. The method "SecIdentityCreateWithCertificate()" which creates the identity doesn't exist on iOS and I don't know how to create an identity another way. How to create an SecIdentityRef on iOS (to enable SSL server side)? Did I miss somethinglike to store the public/private key in my app, or something else? Thank you so much. ios