Kitura/BlueSSLService

Client certificates

niklassaers opened this issue · 1 comments

Hey guys,

I'm wondering, when using BlueSSLService as a client, I have to supply a PKCS12 file on iOS, tvOS and macOS just like I would if it was running as a server, right? Is there a way I could allow it to make one up itself, either the first time it runs or every time? If so, what are the major downsides to this I should keep in mind?

I'm working on Bolt Support for Theo, which uses BlueSocket with BlueSSLService as a client to connect to a Neo4j database server using the Bolt protocol over SSL. I've written code to generate the certificates on macOS and Linux, and am planning to add a build step to generate them for iOS and tvOS. But if at all possible I'd love to drop this and have it be just an option to add your own client keys. After all, I know no other something-via-SSL clients that require keys and certificates to be generated before using the client. Also, I worry that when distributing an app that contains both private key, public key and passphrase, whatever security I added by using SSL is really out the window. But while I can generate them at run-time on macOS and Linux, I don't know how I could do that on iOS and tvOS.

Cheers

Niklas

Hi Bill,
Thanks for the update from a few days ago. Using

public init(withCipherSuite cipherSuite: String? = nil, clientAllowsSelfSignedCertificates: Bool = true)

it works fine, and I no longer provide a certificate. It didn't work fine reliably, though, but after adding PR #33, it now works fine, with an automatic retry every now and then.

Cheers

Niklas