
Commit 46de0f6

author
015484
committed
tls 证书验证通过一个开关来控制; 默认情况下不强制
1 parent d454e4d commit 46de0f6

2 files changed

Lines changed: 26 additions & 4 deletions


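--- a/ObjC/NWAsyncSocketObjC/GCDAsyncSocket.m
+++ b/ObjC/NWAsyncSocketObjC/GCDAsyncSocket.m
@@ -180,6 +180,7 @@ - (instancetype)initWithDelegate:(id<GCDAsyncSocketDelegate>)delegate
 _readQueue = [NSMutableArray array];
 _isReadingContinuously = NO;
 _tlsEnabled = NO;
+_allowInsecureTLS = YES;
 _streamingTextEnabled = NO;
 _IPv4PreferredOverIPv6 = YES;
 }
@@ -580,10 +581,27 @@ - (BOOL)connectToHost:(NSString *)host
 // Create parameters
 nw_parameters_t parameters;
 if (self.tlsEnabled) {
-parameters = nw_parameters_create_secure_tcp(
-NW_PARAMETERS_DEFAULT_CONFIGURATION,
-NW_PARAMETERS_DEFAULT_CONFIGURATION
-);
+if (self.allowInsecureTLS) {
+dispatch_queue_t verifyQueue = self.socketQueue ?: dispatch_get_main_queue();
+parameters = nw_parameters_create_secure_tcp(
+^(nw_protocol_options_t _Nonnull tlsOptions) {
+sec_protocol_options_t secOptions = nw_tls_copy_sec_protocol_options(tlsOptions);
+sec_protocol_options_set_verify_block(secOptions, ^(sec_protocol_metadata_t _Nonnull metadata,
+sec_trust_t _Nonnull trust,
+sec_protocol_verify_complete_t _Nonnull complete) {
+(void)metadata;
+(void)trust;
+complete(true);
+}, verifyQueue);
+},
+NW_PARAMETERS_DEFAULT_CONFIGURATION
+);
+} else {
+parameters = nw_parameters_create_secure_tcp(
+NW_PARAMETERS_DEFAULT_CONFIGURATION,
+NW_PARAMETERS_DEFAULT_CONFIGURATION
+);
+}
 } else {
 parameters = nw_parameters_create_secure_tcp(
 NW_PARAMETERS_DISABLE_PROTOCOL,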
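Review bot: The new verify block in connectToHost calls `complete(true)` with `trust` explicitly discarded, so any peer certificate — expired, wrong hostname, self-signed, or attacker-issued — is accepted, and the init hunk makes this the default (`_allowInsecureTLS = YES;`), which leaves every TLS connection from this class interceptable unless a caller remembers to opt out. Validation should be the default and the bypass opt-in: change the init line to `_allowInsecureTLS = NO;`. In the bypass path the trust should still be evaluated and a failure logged so an untrusted peer is never accepted silently; the rewritten verify block is below (NSLog stands in for whatever logger the file already uses). Note that `sec_trust_copy_ref` returns a +1 `SecTrustRef` that must be released, as shown. connectToHost begins and ends outside the hunk.
```objc
// … unchanged: nw_parameters_create_secure_tcp call, tlsOptions block, nw_tls_copy_sec_protocol_options …
sec_protocol_options_set_verify_block(secOptions, ^(sec_protocol_metadata_t _Nonnull metadata,
                                                    sec_trust_t _Nonnull trust,
                                                    sec_protocol_verify_complete_t _Nonnull complete) {
    (void)metadata;
    // Evaluate anyway so the bypass shows up in logs instead of being silent.
    SecTrustRef trustRef = sec_trust_copy_ref(trust);
    CFErrorRef evalError = NULL;
    bool trusted = SecTrustEvaluateWithError(trustRef, &evalError);
    if (!trusted) {
        NSLog(@"GCDAsyncSocket: allowInsecureTLS is set; accepting untrusted TLS peer: %@", evalError);
    }
    if (evalError) {
        CFRelease(evalError);
    }
    CFRelease(trustRef);
    complete(true);
}, verifyQueue);
```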

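--- a/ObjC/NWAsyncSocketObjC/include/GCDAsyncSocket.h
+++ b/ObjC/NWAsyncSocketObjC/include/GCDAsyncSocket.h
@@ -52,6 +52,10 @@ typedef NS_ENUM(NSInteger, GCDAsyncSocketError) {
 /// Whether to prefer IPv4 over IPv6 during hostname resolution. Default is YES.
 @property (atomic, assign) BOOL IPv4PreferredOverIPv6;
 
+/// Whether to allow self-signed/invalid certificates when TLS is enabled.
+/// Default is YES (skip validation). Set to NO to enable system certificate validation.
+@property (atomic, assign) BOOL allowInsecureTLS;
+
 /// Whether the socket is currently connected.
 @property (atomic, readonly) BOOL isConnected;
 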
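Review bot: The doc comment on the new `allowInsecureTLS` property understates what the flag does: in the accompanying .m change the verify block accepts every peer without evaluating trust, so as far as that code shows the hostname check and the rest of the chain evaluation are skipped too, not merely "self-signed/invalid certificates", and the documented YES default means a caller gets no peer authentication at all unless they happen to read this line. I would replace the two comment lines with `/// Whether to skip TLS peer verification entirely (certificate chain, expiry, hostname) when TLS is enabled.` followed by `/// WARNING: YES makes the connection trivially interceptable; use only against local or test servers.` and `/// Default is YES (set in the designated init); NO enables system certificate validation.`, adjusting the last line if the default is changed to NO. A property named `allowInsecureTLS` that defaults to on also contradicts the secure-by-default expectation its name gives a reader.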