NSStream SSL on used socket

Question

I am writing an application that uses NSStream's SSL functions on the iphone. I know that SSL is working because I can directly connect servers using SSL.
I have encountered a problem where protocols that use starttls require me to communicate on the socket with unsecured, send the starttls command and then reuse the same socket for SSL. As far as i know nsstream connections cannot be reused and i can't start SSL on them after i have opened the connection.

I thought about creating my own socket, communicating on it manually and then setting up an NSstream using the existing socket and start SSL that way. However, it appears the communicating on the socket places it in a state where i cant start SSL on it. Any attempt to use the socket for nsstream results in an error.

Any thoughts?

Answer 1

This is the correct way to do this. while doing this (setting the property after socket connection) is undocumented, this is code directly from my Monal xmpp client and apple has never given me any problems in the app store.

 NSInputStream *iStream;
NSOutputStream *oStream;


CFStreamCreatePairWithSocketToHost(NULL, (CFStringRef)server, port, &iStream, &oStream);


[iStream open];
    [oStream open];

Once the connection has been opened and you get NSStreamEventOpenCompleted and the startTLS command has been sent to the host from the client:

NSDictionary *settings = [ [NSDictionary alloc ] 
                                  initWithObjectsAndKeys:
                                  [NSNumber numberWithBool:YES], @"kCFStreamSSLAllowsExpiredCertificates",
                                  [NSNumber numberWithBool:YES], @"kCFStreamSSLAllowsExpiredRoots",
                                  [NSNumber numberWithBool:YES], @"kCFStreamSSLAllowsAnyRoot",
                                  [NSNumber numberWithBool:NO], @"kCFStreamSSLValidatesCertificateChain",
                                  [NSNull null],@"kCFStreamSSLPeerName",
                                  @"kCFStreamSocketSecurityLevelNegotiatedSSL", 
                                  @"kCFStreamSSLLevel",
                                  nil ];
        CFReadStreamSetProperty((CFReadStreamRef)iStream, 
                                @"kCFStreamPropertySSLSettings", (CFTypeRef)settings);
        CFWriteStreamSetProperty((CFWriteStreamRef)oStream, 
                                 @"kCFStreamPropertySSLSettings", (CFTypeRef)settings);