[iOS / Objective-C] Seeking guidance for configuration for SSL
260 views
Skip to first unread message
Rob Cecil
Jun 22, 2018, 1:22:25 PM6/22/18
to grpc.io
I am developing both an iOS app and server using Grpc (objective-C/Swift and C# respectively).
The app will be naturally released to the Apple App Store. However, the server is designed to reside within the user's corporate network, deploying our Grpc C#-based product, which will require a self-signed certificate strategy.
That means we will not be bundling server certificates within the app bundle - but need to pickup whatever certificates have been configured (using profiles, EMM, etc.) and coordinating with their own servers.
I am using the generated code approach for Objective-C, and leveraging GRPCProtoService<T> services.
My understanding is that by default, the Objective-C Grpc implementation assumes secure SSL connections and you must use
My understanding is that by default, the Objective-C Grpc implementation assumes secure SSL connections and you must use
GRPCCall.useInsecureConnections(forHost:)
to override that behavior.
What I don't understand is how to use, if I even need to use, GRPCCall.setTLSPEMRootCerts, in a situation when the server certificate is not in the app bundle, but already on the device.
to override that behavior.
What I don't understand is how to use, if I even need to use, GRPCCall.setTLSPEMRootCerts, in a situation when the server certificate is not in the app bundle, but already on the device.
Thanks.
Muxi Yan
Jun 27, 2018, 1:44:19 PM6/27/18
to grpc.io
If the server certificate is self-signed, then setTLSPEMRootCerts is required. All it takes is the string of the certificate (something like `-----BEGIN CERTIFICATE-----\nABCDEF....`). As long as you can obtain that string, you can use it with setTLSPEMRootCerts. Bundling it in the app is just one way of getting the string; how you get it is out of the scope of setTLSPEMRootCerts.
Rob Cecil
Aug 5, 2018, 9:37:56 PM8/5/18
to grpc.io
Muxi, Which override am I using for this method?
Is there an example for Objective-C and SSL ?
Rob Cecil
Aug 6, 2018, 7:56:39 PM8/6/18
to grpc.io
I logged a bug on the Grpc tracker to add more examples in this area.
I'm confused about how to properly configure SSL on iOS.
I'm confused about how to properly configure SSL on iOS.
Here we have code that uses 'useTestCertPath' with comment:
| - (void) configureNetworking { | |
| if (!useSSL) { | |
| _addressWithPort = [kHostAddress stringByAppendingString:@":8080"]; | |
| // This tells the GRPC library to NOT use SSL. | |
| [GRPCCall useInsecureConnectionsForHost:_addressWithPort]; | |
| } else { | |
| _addressWithPort = [kHostAddress stringByAppendingString:@":443"]; | |
| // This tells the GRPC library to trust a certificate that it might not be able to validate. | |
| // Typically this would be used to trust a self-signed certificate. | |
| [GRPCCall useTestCertsPath:[[NSBundle mainBundle] pathForResource:@"ssl" ofType:@"crt"] | |
| testName:@"example.com" | |
| forHost:kHostAddress | |
| ]; | |
| } | |
| _client = [[StickyNote alloc] initWithHost:_addressWithPort]; | |
| } |
Can you explain the different scenarios for useTestCertsPath and setTLSPemRootsCerts?
Do I need to configure "mutual TLS" ???
On Friday, June 22, 2018 at 1:22:25 PM UTC-4, Rob Cecil wrote:
Reply all
Reply to author
Forward
0 new messages