Well, maybe not with all 4 things, but here's my situation:

I have an ActiveMQ backend (running on my desktop Mac). It's a stock Apache ActiveMQ server I have which I am basically using as an echo server to tail the logs and debug my client. The client is an iPhone project with a hacked up Stomp.framework implementation using AsyncSocket.

I need to use AsyncSocket Cocoa library to talk to the Stomp server, which I more or less have working. I can send messages to queues, and read them back out, so I think I am good there.

BUT, when I try to set everything up to use SSL (also a requirement) I get the following error description out of the NSError object I get back:

kCFStreamErrorDomainSSL error -9812.

I cannot for the life of me figure out what this error code is. Anyone have a clue?

Here is how I set up the SSL stuff for AsyncSocket:

EDIT: ADDED THE CORRECT CODE HERE. NOTE SELF-SIGNED CERTS.

```objc
- (BOOL)onSocketWillConnect:(AsyncSocket *)sock
{
    // Connecting to a secure server
    NSMutableDictionary *settings = [NSMutableDictionary dictionaryWithCapacity:2];

    // Use the highest possible security
    [settings setObject:(NSString *)kCFStreamSocketSecurityLevelNegotiatedSSL
                 forKey:(NSString *)kCFStreamSSLLevel];

    // Allow self-signed certificates (any root is accepted, not only the broker's)
    [settings setObject:[NSNumber numberWithBool:YES]
                 forKey:(NSString *)kCFStreamSSLAllowsAnyRoot];

    // Apply the same SSL settings to both directions of the socket
    CFReadStreamSetProperty([sock getCFReadStream],
                            kCFStreamPropertySSLSettings, (CFDictionaryRef)settings);
    CFWriteStreamSetProperty([sock getCFWriteStream],
                             kCFStreamPropertySSLSettings, (CFDictionaryRef)settings);

    return YES;
}
```

Anyone have any ideas? I think I'm setting the stream properties correctly. Maybe it's something to do with the ActiveMQ setup? I didn't do any configuration other than to enable the SSL over Stomp protocol in ActiveMQ. I don't have a certificate or anything like that. Maybe that is the problem?

Any insight is appreciated!

A: 

No idea on the specifics of the error code, but I can tell you that the certs that ship with ActiveMQ are noddy, intended for testing only. They are self-signed certs (essentially invalid) which can throw a client-side SSL library that tries to validate their chain length. In the SSL broker test the cert is explicitly added to the trust store so that the client can accept it rather than attempting to validate it. A good start would be to generate valid certs for the broker or figure out a way to add the existing cert to the trust store used by AsyncSocket (have no idea how that is configured though, possibly the linked Java test code will help).

gtully

A: 

Secure Transport reference on your Mac

Scroll down to result codes to see the error codes. The one you're getting is "errSSLUnknownRootCert". (Seems to confirm gtully's answer.)
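
One way to do what the two answers above point to, trusting the broker's self-signed certificate explicitly so the handshake no longer depends on an unknown root (errSSLUnknownRootCert), shown as an added example that is not code from the posts, AsyncSocket or Stomp.framework. `BrokerTrustIsPinned`, `brokerCertDER` and `brokerHost` are hypothetical names; it assumes iOS 12 / macOS 10.14 or later (for `SecTrustEvaluateWithError`) and a stream whose SSL settings set `kCFStreamSSLValidatesCertificateChain` to NO in place of `kCFStreamSSLAllowsAnyRoot`, so that this check makes the trust decision.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>
#import <CFNetwork/CFNetwork.h>

// Hypothetical helper: call once the TLS handshake on `readStream` has finished
// (first bytes-available / can-accept-bytes event) and before sending any data.
// `brokerCertDER` is the broker's self-signed certificate in DER form, exported
// from the broker and shipped with the app (assumption).
static BOOL BrokerTrustIsPinned(CFReadStreamRef readStream,
                                NSData *brokerCertDER,
                                NSString *brokerHost)
{
    SecCertificateRef anchor =
        SecCertificateCreateWithData(NULL, (__bridge CFDataRef)brokerCertDER);
    if (anchor == NULL) return NO;                 // not a valid DER certificate

    SecTrustRef trust = (SecTrustRef)CFReadStreamCopyProperty(
        readStream, kCFStreamPropertySSLPeerTrust);
    if (trust == NULL) { CFRelease(anchor); return NO; }   // handshake not done

    // Evaluate as a TLS server certificate for the host we meant to reach.
    SecPolicyRef policy = SecPolicyCreateSSL(true, (__bridge CFStringRef)brokerHost);
    OSStatus status = SecTrustSetPolicies(trust, policy);

    // Accept only chains that end at the bundled certificate, not system roots.
    CFArrayRef anchors = CFArrayCreate(NULL, (const void **)&anchor, 1,
                                       &kCFTypeArrayCallBacks);
    if (status == errSecSuccess)
        status = SecTrustSetAnchorCertificates(trust, anchors);
    if (status == errSecSuccess)
        status = SecTrustSetAnchorCertificatesOnly(trust, true);

    BOOL trusted = NO;
    if (status == errSecSuccess) {
        CFErrorRef error = NULL;
        trusted = SecTrustEvaluateWithError(trust, &error) ? YES : NO;
        if (error != NULL) {
            NSLog(@"Broker certificate rejected: %@", (__bridge NSError *)error);
            CFRelease(error);
        }
    }

    CFRelease(anchors);
    CFRelease(policy);
    CFRelease(trust);
    CFRelease(anchor);
    return trusted;   // NO: close the socket instead of sending the STOMP CONNECT
}
```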

A: 

Could you share the changes back to the stomp framework? Would be helpful for everybody to take advantage of a STOMP based implementation using AsyncSocket.

Thanks

Olivier