
iOS: SocketRocket - How to implement SSL Handshake

Just switched to Websockets in combination with Protobufs. Works like a charm on iOS, but I am not sure how to implement the SSL handshake (like with NSURLConnection) via the SocketRocket lib. Has someone experience with that, or is it just not yet supported?

TLS connection is already working and SSL pinning would also work - but how to implement the correct SSL handshake by validating the SSL chain correctly with web sockets via SocketRocket?!

BR

EDIT: Correcting error in my previous answer.

CFStream, which is what Socket Rocket uses in the background, will handle the handshake automatically, assuming the certificate has been added to the keychain. If you need to add a certificate, see the answer to this question: iOS: Pre install SSL certificate in keychain - programmatically

If, however, pinning is what you are looking for, this is straightforward to do with Socket Rocket. Use the initWithURLRequest initializer and everything else is handled automatically. For pinned certificates, SocketRocket does not validate the certificate chain, which is the behavior you want, because with pinning you are specifically saying trust this certificate or certificate signed by this certificate only, i.e. it does not rely on validating a chain.

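    // Assumes SRWebSocket.h and <Security/Security.h> are imported.
    NSURL *url = [NSURL URLWithString:ServerSocketURLString];
    NSMutableURLRequest *request = [[NSMutableURLRequest alloc] initWithURL:url];

    // Load the DER-encoded certificate that ships in the app bundle.
    NSString *cerPath = [[NSBundle mainBundle] pathForResource:@"certificatefilename" ofType:@"cer"];
    NSData *certData = [[NSData alloc] initWithContentsOfFile:cerPath];
    CFDataRef certDataRef = (__bridge CFDataRef)certData;
    SecCertificateRef certRef = SecCertificateCreateWithData(NULL, certDataRef);
    // SecCertificateCreateWithData returns an owned reference; hand it to ARC
    // so it is released instead of leaked.
    id certificate = (__bridge_transfer id)certRef;

    // Pin the certificate on the request before creating the socket.
    [request setSR_SSLPinnedCertificates:@[certificate]];

    self.clientWebSocket = [[SRWebSocket alloc] initWithURLRequest:request];

    self.clientWebSocket.delegate = self;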
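
For the chain validation the question asks about, the following is an added example (not part of the original answer and not SocketRocket code) that evaluates a server trust object with the pinned certificate as the only trusted anchor, using the Security framework. `PinnedChainIsValid` is a hypothetical helper name; it assumes the caller already holds the connection's `SecTrustRef` (for a CFStream, the `kCFStreamPropertySSLPeerTrust` property) and that the pinned certificate is the CA the server chain ends in.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical helper (not a SocketRocket API): returns YES only if the
// server's chain validates for `host` and terminates in `pinnedCert`.
static BOOL PinnedChainIsValid(SecTrustRef serverTrust,
                               SecCertificateRef pinnedCert,
                               NSString *host)
{
    if (serverTrust == NULL || pinnedCert == NULL || host.length == 0) {
        return NO; // fail closed on missing input
    }

    // Apply the SSL policy so the hostname is checked against the leaf.
    SecPolicyRef policy = SecPolicyCreateSSL(true, (__bridge CFStringRef)host);
    OSStatus status = SecTrustSetPolicies(serverTrust, policy);
    CFRelease(policy);
    if (status != errSecSuccess) {
        return NO;
    }

    // Trust the pinned certificate and nothing from the system store.
    NSArray *anchors = @[(__bridge id)pinnedCert];
    status = SecTrustSetAnchorCertificates(serverTrust,
                                           (__bridge CFArrayRef)anchors);
    if (status != errSecSuccess) {
        return NO;
    }
    status = SecTrustSetAnchorCertificatesOnly(serverTrust, true);
    if (status != errSecSuccess) {
        return NO;
    }

    // Full evaluation: signatures, validity dates, hostname and anchor.
    CFErrorRef error = NULL;
    BOOL trusted = SecTrustEvaluateWithError(serverTrust, &error);
    if (error != NULL) {
        NSLog(@"Pinned chain validation failed: %@", (__bridge NSError *)error);
        CFRelease(error);
    }
    return trusted;
}
```

`SecTrustEvaluateWithError` requires iOS 12 or later. Close the connection whenever the helper returns NO.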
