> On 27 Jun 2016, at 06:11, Jens Alfke <j...@mooseyard.com> wrote:
> 
>> On Jun 25, 2016, at 7:44 PM, Gerriet M. Denkmann <gerr...@mdenkmann.de> 
>> wrote:
> 
>> Absolutely not sure whether the code above is correct, but it seems to be 
>> working.

> It’s fine; the certificate is public and intended to be shared. It’s the 
> private key that’s sensitive. What you’re describing is called “key-pinning”: 
> restricting a client to connect only with a server with a known public key.

That is very reassuring to know. Thanks for the confirmation.

> That was fast! This is frustrating stuff to implement. Or maybe the docs have 
> gotten a lot better recently ;-)

I am great, am I not? (Well, to be honest, I have been struggling with this for 
weeks, and also borrowed heavily from the Apple sample code TLSTool)

> If every instance of the server has its own key, then embedding a cert in the 
> client app doesn’t work.

This project is for my own personal use. So there is just one server.

> The situation you want to watch out for is where the client connects to a 
> server it’s already connected to, but the cert’s public key doesn’t match the 
> previous one. 

In this case the client will close the connection immediately.


Kind regards,

Gerriet.
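Added example, not code from this thread or from Apple's TLSTool: the check Jens describes, written in pure standard-library Python so it runs offline (in Cocoa the same comparison would be done against the leaf certificate obtained from the Security framework's SecTrust object during the TLS handshake). It pins the SHA-256 of the certificate's SubjectPublicKeyInfo rather than the whole certificate, so a certificate reissued for the same server key still passes, while a certificate for the same host name carrying a different key is rejected and the client closes the connection. The certificates, key bytes, OIDs' surrounding structure and names are constructed fixtures (no real key, no valid signature), built only so the parser has realistic DER to walk.

```python
"""SPKI (public-key) pinning check in pure standard-library Python.

Pins SHA-256(SubjectPublicKeyInfo), not the whole certificate: a renewed
certificate for the same key still matches, any other key is rejected.
Fixtures below are CONSTRUCTED (fake key, zero signature), not real certs.
"""
import base64
import hashlib
import hmac

# --- minimal DER encode/decode ------------------------------------------
SEQUENCE, SET, INTEGER, BIT_STRING, NULL, OID, UTF8STRING, UTCTIME = (
    0x30, 0x31, 0x02, 0x03, 0x05, 0x06, 0x0C, 0x17)

def _der_len(n: int) -> bytes:
    """DER length octets: short form below 128, long form at or above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + _der_len(len(content)) + content

def _read_tlv(buf: bytes, pos: int):
    """Return (tag, content, end) for the TLV that starts at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:end], end

def _children(content: bytes):
    """Split a constructed value into (tag, raw_tlv) elements."""
    out, pos = [], 0
    while pos < len(content):
        tag, _, end = _read_tlv(content, pos)
        out.append((tag, content[pos:end]))
        pos = end
    return out

# --- pinning logic -------------------------------------------------------
def extract_spki(cert_der: bytes) -> bytes:
    """Return the raw SubjectPublicKeyInfo TLV of a DER X.509 certificate."""
    tag, cert, _ = _read_tlv(cert_der, 0)
    if tag != SEQUENCE:
        raise ValueError("not a Certificate SEQUENCE")
    tbs_tag, tbs, _ = _read_tlv(cert, 0)
    if tbs_tag != SEQUENCE:
        raise ValueError("not a TBSCertificate SEQUENCE")
    fields = _children(tbs)
    if fields and fields[0][0] == 0xA0:    # optional version [0] EXPLICIT
        fields = fields[1:]
    # serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo
    if len(fields) < 6 or fields[5][0] != SEQUENCE:
        raise ValueError("malformed TBSCertificate")
    return fields[5][1]

def spki_pin(cert_der: bytes) -> str:
    """Base64(SHA-256(SPKI)), the pin format used by HPKP and most pinning libraries."""
    return base64.b64encode(hashlib.sha256(extract_spki(cert_der)).digest()).decode()

def verify_pin(cert_der: bytes, pinned: str) -> bool:
    """True only if the presented certificate carries the pinned public key."""
    try:
        return hmac.compare_digest(spki_pin(cert_der), pinned)
    except (ValueError, IndexError):
        return False                       # unparsable cert: mismatch, close

# --- constructed fixtures (not real certificates) -----------------------
RSA_OID = bytes.fromhex("2A864886F70D010101")         # 1.2.840.113549.1.1.1
SHA256_RSA_OID = bytes.fromhex("2A864886F70D01010B")  # 1.2.840.113549.1.1.11
CN_OID = bytes.fromhex("550403")                      # 2.5.4.3

def _name(cn: str) -> bytes:
    return der(SEQUENCE, der(SET, der(SEQUENCE, der(OID, CN_OID) + der(UTF8STRING, cn.encode()))))

def make_test_cert(cn: str, serial: int, pubkey: bytes) -> bytes:
    """Syntactically valid v3 certificate around a fake key; signature is all zeros."""
    alg = der(SEQUENCE, der(OID, SHA256_RSA_OID) + der(NULL, b""))
    spki = der(SEQUENCE, der(SEQUENCE, der(OID, RSA_OID) + der(NULL, b"")) + der(BIT_STRING, b"\x00" + pubkey))
    tbs = der(SEQUENCE,
              der(0xA0, der(INTEGER, b"\x02")) + der(INTEGER, bytes([serial])) + alg
              + _name("Home Server CA")
              + der(SEQUENCE, der(UTCTIME, b"160627000000Z") + der(UTCTIME, b"170627000000Z"))
              + _name(cn) + spki)
    return der(SEQUENCE, tbs + alg + der(BIT_STRING, b"\x00" * 33))

KEY_A = bytes(range(1, 33))       # stand-in for the server's real public key bytes
KEY_B = bytes(range(200, 232))    # a different key: unknown server or interception

GOOD_CERT = make_test_cert("home.example", 1, KEY_A)
REISSUED_CERT = make_test_cert("home.example", 2, KEY_A)  # renewed cert, same key
ROGUE_CERT = make_test_cert("home.example", 3, KEY_B)     # same name, other key
PIN = spki_pin(GOOD_CERT)         # what the client app embeds at build time

if __name__ == "__main__":
    print("pin:", PIN)
    for label, cert in [("good", GOOD_CERT), ("reissued", REISSUED_CERT), ("rogue", ROGUE_CERT)]:
        print(f"{label:9s} ->", "proceed" if verify_pin(cert, PIN) else "close connection")
```

The parser walks only as far as the SPKI field and rejects anything that is not a well-formed Certificate on the way, so a garbled or truncated certificate fails closed rather than raising inside the handshake callback. Pinning the SPKI hash instead of the whole certificate is what lets the one server in this thread renew its certificate without shipping a new client build, as long as it keeps the same key.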


_______________________________________________

Cocoa-dev mailing list (Cocoa-dev@lists.apple.com)
