|
@@ -183,6 +183,12 @@ typedef void (^data_callback)(SRWebSocket *webSocket, NSData *data);
|
|
|
@property (nonatomic) NSOperationQueue *delegateOperationQueue;
|
|
@property (nonatomic) NSOperationQueue *delegateOperationQueue;
|
|
|
@property (nonatomic) dispatch_queue_t delegateDispatchQueue;
|
|
@property (nonatomic) dispatch_queue_t delegateDispatchQueue;
|
|
|
|
|
|
|
|
|
|
+// Specifies whether SSL trust chain should NOT be evaluated.
|
|
|
|
|
+// By default this flag is set to NO, meaning only secure SSL connections are allowed.
|
|
|
|
|
+// For DEBUG builds this flag is ignored, and SSL connections are allowed regardless
|
|
|
|
|
+// of the certificate trust configuration
|
|
|
|
|
+@property (nonatomic, readwrite) BOOL allowsUntrustedSSLCertificates;
|
|
|
|
|
+
|
|
|
@end
|
|
@end
|
|
|
|
|
|
|
|
|
|
|
|
@@ -227,8 +233,6 @@ typedef void (^data_callback)(SRWebSocket *webSocket, NSData *data);
|
|
|
BOOL _secure;
|
|
BOOL _secure;
|
|
|
NSURLRequest *_urlRequest;
|
|
NSURLRequest *_urlRequest;
|
|
|
|
|
|
|
|
-
|
|
|
|
|
-
|
|
|
|
|
BOOL _sentClose;
|
|
BOOL _sentClose;
|
|
|
BOOL _didFail;
|
|
BOOL _didFail;
|
|
|
int _closeCode;
|
|
int _closeCode;
|
|
@@ -256,13 +260,14 @@ static __strong NSData *CRLFCRLF;
|
|
|
CRLFCRLF = [[NSData alloc] initWithBytes:"\r\n\r\n" length:4];
|
|
CRLFCRLF = [[NSData alloc] initWithBytes:"\r\n\r\n" length:4];
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
-- (id)initWithURLRequest:(NSURLRequest *)request protocols:(NSArray *)protocols;
|
|
|
|
|
|
|
+- (id)initWithURLRequest:(NSURLRequest *)request protocols:(NSArray *)protocols allowsUntrustedSSLCertificates:(BOOL)allowsUntrustedSSLCertificates;
|
|
|
{
|
|
{
|
|
|
self = [super init];
|
|
self = [super init];
|
|
|
if (self) {
|
|
if (self) {
|
|
|
assert(request.URL);
|
|
assert(request.URL);
|
|
|
_url = request.URL;
|
|
_url = request.URL;
|
|
|
_urlRequest = request;
|
|
_urlRequest = request;
|
|
|
|
|
+ _allowsUntrustedSSLCertificates = allowsUntrustedSSLCertificates;
|
|
|
|
|
|
|
|
_requestedProtocols = [protocols copy];
|
|
_requestedProtocols = [protocols copy];
|
|
|
|
|
|
|
@@ -272,6 +277,11 @@ static __strong NSData *CRLFCRLF;
|
|
|
return self;
|
|
return self;
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
|
|
+- (id)initWithURLRequest:(NSURLRequest *)request protocols:(NSArray *)protocols;
|
|
|
|
|
+{
|
|
|
|
|
+ return [self initWithURLRequest:request protocols:protocols allowsUntrustedSSLCertificates:NO];
|
|
|
|
|
+}
|
|
|
|
|
+
|
|
|
- (id)initWithURLRequest:(NSURLRequest *)request;
|
|
- (id)initWithURLRequest:(NSURLRequest *)request;
|
|
|
{
|
|
{
|
|
|
return [self initWithURLRequest:request protocols:nil];
|
|
return [self initWithURLRequest:request protocols:nil];
|
|
@@ -288,9 +298,14 @@ static __strong NSData *CRLFCRLF;
|
|
|
return [self initWithURLRequest:request protocols:protocols];
|
|
return [self initWithURLRequest:request protocols:protocols];
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
|
|
+- (id)initWithURL:(NSURL *)url protocols:(NSArray *)protocols allowsUntrustedSSLCertificates:(BOOL)allowsUntrustedSSLCertificates;
|
|
|
|
|
+{
|
|
|
|
|
+ NSMutableURLRequest *request = [[NSMutableURLRequest alloc] initWithURL:url];
|
|
|
|
|
+ return [self initWithURLRequest:request protocols:protocols allowsUntrustedSSLCertificates:allowsUntrustedSSLCertificates];
|
|
|
|
|
+}
|
|
|
|
|
+
|
|
|
- (void)_SR_commonInit;
|
|
- (void)_SR_commonInit;
|
|
|
{
|
|
{
|
|
|
-
|
|
|
|
|
NSString *scheme = _url.scheme.lowercaseString;
|
|
NSString *scheme = _url.scheme.lowercaseString;
|
|
|
assert([scheme isEqualToString:@"ws"] || [scheme isEqualToString:@"http"] || [scheme isEqualToString:@"wss"] || [scheme isEqualToString:@"https"]);
|
|
assert([scheme isEqualToString:@"ws"] || [scheme isEqualToString:@"http"] || [scheme isEqualToString:@"wss"] || [scheme isEqualToString:@"https"]);
|
|
|
|
|
|
|
@@ -561,17 +576,15 @@ static __strong NSData *CRLFCRLF;
|
|
|
|
|
|
|
|
// If we're using pinned certs, don't validate the certificate chain
|
|
// If we're using pinned certs, don't validate the certificate chain
|
|
|
if ([_urlRequest SR_SSLPinnedCertificates].count) {
|
|
if ([_urlRequest SR_SSLPinnedCertificates].count) {
|
|
|
- [SSLOptions setValue:[NSNumber numberWithBool:NO] forKey:(__bridge id)kCFStreamSSLValidatesCertificateChain];
|
|
|
|
|
|
|
+ [SSLOptions setValue:@NO forKey:(__bridge id)kCFStreamSSLValidatesCertificateChain];
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
- BOOL allowUntrustedSSLCertificates = self.allowUntrustedSSLCertificates;
|
|
|
|
|
-
|
|
|
|
|
#if DEBUG
|
|
#if DEBUG
|
|
|
- allowUntrustedSSLCertificates = YES;
|
|
|
|
|
|
|
+ self.allowsUntrustedSSLCertificates = YES;
|
|
|
#endif
|
|
#endif
|
|
|
|
|
|
|
|
- if (allowUntrustedSSLCertificates) {
|
|
|
|
|
- [SSLOptions setValue:[NSNumber numberWithBool:NO] forKey:(__bridge id)kCFStreamSSLValidatesCertificateChain];
|
|
|
|
|
|
|
+ if (self.allowsUntrustedSSLCertificates) {
|
|
|
|
|
+ [SSLOptions setValue:@NO forKey:(__bridge id)kCFStreamSSLValidatesCertificateChain];
|
|
|
SRFastLog(@"Allowing connection to any root cert");
|
|
SRFastLog(@"Allowing connection to any root cert");
|
|
|
}
|
|
}
|
|
|
|
|
|
John MacKanacKy