We can see from the Apache logs that QTMovie does hand over a client certificate when the server asks for it during an SSL handshake.
But we cannot tell which certificate it is and which CA cert that we need to use on the server side (the CA cert that generated the client cert). This is a little upside down. Typically with certificate client authentication, the CA cert is in hand first and the client cert is generated from it and bundled with the client component. In this case, QTMovie is hiding its internal client cert and the process by which it hands it back to the server upon request, and there's no documentation explaining how all of this is done and -- more importantly -- which CA cert was used to generate it. Has anyone successfully done 2-way SSL authentication from a QTMovie before? If so, what CA cert did you use on the server side? edited snippet: // ourwebproxy.com is running Apache 2 on Mac OS X and has the following client authentication settings: // SSLCACertificateFile /private/etc/apache2/certs_and_keys/all_pre-installed_ca_certs_from_system_keychain_concatenated.pem // SSLVerifyClient require // SSLVerifyDepth 10 NSURL * url = [NSURL URLWithString:@"https://ourwebproxy.com/themovie.mp4";]; .... NSDictionary * attributes = [NSDictionary dictionaryWithObjectsAndKeys: url, QTMovieURLAttribute, [NSNumber numberWithBool:YES], QTMovieOpenForPlaybackAttribute, [NSNumber numberWithBool:YES], QTMovieOpenAsyncOKAttribute, nil]; movie = [[Movie alloc] initWithAttributes:attributes error:nil]; .... movielayer = [QTMovieLayer layerWithMovie:movie]; -GH _______________________________________________ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
