JustLog
Adds support for TLS certificates and peerName
We have our own Elastic Load Balancer in AWS which only allows TCP socket connections from a specific SSL cert. Since this was not available, I quickly added it in and created a PR for others to use.
@naqi I was doing the changes, but there is something that I don't understand. What's the difference between the 'host' and the 'sslPeerName'? Also, because I saw that in the 'AsyncSocketManager' extension the 'connect' function always uses the host property, is that right? Must the 'host' and the 'sslPeerName' have the same value? Thank you in advance.
@gigisommo sorry for the delayed response.
We didn't want it to be the host name by default because we use a load balancer, which can cause complications. So instead we opted to use a specific certificate from SSL cert. While going through CFSocketStream I found this can be done via sslPeerName, hence the code you are seeing now. I guess it could be renamed to something more appropriate, but in the interest of time and simplicity I kept it the same as Apple's. Here is the document in question.
Documentation from Apple
/*
* kCFStreamSSLPeerName
*
* Discussion:
* Security property key for kCFStreamPropertySSLSettings.
* CFStringRef overriding the name used for certificate
* verification. Set to kCFNull to prevent name verification.
* Default is the host name with which the streams were created. If
* no host name was used, no peer name will be used.
*
*/
@available(iOS 2.0, *)
public let kCFStreamSSLPeerName: CFString
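The difference between 'host' and 'sslPeerName' asked about above, as an added example that is not code from this PR or from JustLog: the socket connects to `host`, while the server certificate is checked against `sslPeerName`. The function name `makeTLSStreams` and the host names are hypothetical; the sketch uses Foundation streams directly rather than the project's socket manager.

```swift
import Foundation

// Hypothetical helper (not JustLog's API): connect to `host`, but verify the
// server certificate against `sslPeerName` when one is supplied.
func makeTLSStreams(host: String,
                    port: Int,
                    sslPeerName: String?) -> (InputStream, OutputStream)? {
    var input: InputStream?
    var output: OutputStream?
    // `host` is only the address the TCP connection is made to,
    // e.g. the load balancer's DNS name.
    Stream.getStreamsToHost(withName: host, port: port,
                            inputStream: &input, outputStream: &output)
    guard let input = input, let output = output else { return nil }

    // Require TLS on both directions of the socket.
    let level = StreamSocketSecurityLevel.negotiatedSSL.rawValue
    _ = input.setProperty(level, forKey: .socketSecurityLevelKey)
    _ = output.setProperty(level, forKey: .socketSecurityLevelKey)

    // Override the name used for certificate verification only when a
    // non-empty peer name is given. With no override, CFStream falls back
    // to `host`, as the header comment states. kCFNull is deliberately never
    // set here, because that would turn name verification off.
    if let peerName = sslPeerName, !peerName.isEmpty {
        let settings: [String: Any] = [kCFStreamSSLPeerName as String: peerName]
        let key = Stream.PropertyKey(rawValue: kCFStreamPropertySSLSettings as String)
        _ = input.setProperty(settings, forKey: key)
        _ = output.setProperty(settings, forKey: key)
    }
    return (input, output)
}

// Constructed sample values: the connection goes to the load balancer,
// the certificate must be valid for the service name.
if let (input, output) = makeTLSStreams(host: "elb.example.internal",
                                        port: 5000,
                                        sslPeerName: "logs.example.com") {
    input.open()
    output.open()
}
```

The two values need to match only when the certificate is issued for the same name the client connects to; in that case `sslPeerName` can be left as `nil`.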
Hi @naqi, I'm sorry the team didn't follow up on this... Do you still need these changes? They look ok to me.
I'm gonna go ahead and close this as we are deprecating the component and archiving the repo.