feat(iOS): Add more NodeJS TLS options #208
Merged
Rapsssito
merged 11 commits into
Rapsssito:master
from
vricosti:dev/more-node-tls-compliant-ios
Apr 23, 2025
5a3280d to f1ab919
This was referenced Mar 6, 2025
github-actions bot pushed a commit that referenced this pull request Apr 23, 2025
# [6.3.0](v6.2.0...v6.3.0) (2025-04-23)

### Bug Fixes

* Fix createServer() to properly handle Node.js-compatible options parameter ([#210](#210)) ([ace0e1c](ace0e1c))
* Upgrade bouncycastle dependency to 1.78.1 ([#205](#205)) ([f33522e](f33522e))

### Features

* **iOS:** Add more NodeJS TLS options ([#208](#208)) ([6d2fcae](6d2fcae))
* Added compatibility for concurrent connections for Android 15 ([#206](#206)) ([4284f91](4284f91))
🎉 This PR is included in version 6.3.0 🎉
The release is available on:
Your semantic-release bot 📦🚀
This was referenced Apr 23, 2025
Hi,
As I already did for the Android part, here is the last part for iOS, which allows passing a digital identity (cert + private key) that will be used during TLS client authentication.
I implemented this because I am working on a react-native-androidtv-remote and it was mandatory.
So basically for a client to authenticate it can pass a cert/key either as a pem string or directly as a file:
or
I have implemented getPeerCertificate() and getCertificate(), but since on iOS there is no ASN.1 decoder that can be easily used, I have only implemented the fields I was interested in, i.e.:
- exponent
- modulus
- pubkey
- subject/CN
- issuer/CN

If some people need more fields, a solution is to add the libDER library (https://github.com/Apple-FOSS-Mirror/CommonCrypto/tree/master/Source/libDER) and to use it to decode all fields as in the Node implementation.
One drawback of not using a proper ASN.1 decoder is the fact that on iOS we can only insert keys of 2048 bits when using a key in PKCS8 format (-----BEGIN PRIVATE KEY-----); if you need to use another key length you can use PKCS1 format (-----BEGIN RSA PRIVATE KEY-----).
If you provide a cert/key with its corresponding alias, you can then check whether the digital identity has been inserted inside the keystore through TLS.hasIdentity, and in this case, for the next connection, if you only provide certAlias/keyAlias without the key/cert, then it will take the certificate directly from the keystore without having to insert it every time.
Please note that on Android, when you do not provide the androidKeyStore key, the certificate/key will not be stored permanently (only in memory). Maybe later it could be interesting to use AndroidKeyStore to have the same behavior as iOS by default.
Finally, I have also included a fix about timeout because it was fixing my timeout issues.
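A pre-flight check for the PKCS8 key-size limitation described in the PR text above, as an added example that is not code from this pull request or from the library: it walks the DER structure of an RSA private key, reports its format and modulus size, and returns the same key re-wrapped as PKCS1. The names `readTlv` and `inspectRsaKey` and the `needsPkcs1` flag are hypothetical, and a global `Buffer` is assumed.

```javascript
// Added example (not from the PR). Assumes Buffer is available:
// Node.js, or the `buffer` polyfill in React Native.
const RSA_OID = '2a864886f70d010101'; // rsaEncryption 1.2.840.113549.1.1.1

// Read one DER TLV header at pos; return tag and content bounds.
function readTlv(buf, pos) {
  const tag = buf[pos];
  let len = buf[pos + 1];
  let start = pos + 2;
  if (len & 0x80) { // long form: low 7 bits give the count of length bytes
    const n = len & 0x7f;
    if (n === 0 || n > 4) throw new Error('unsupported DER length');
    len = 0;
    for (let i = 0; i < n; i++) len = len * 256 + buf[start + i];
    start += n;
  }
  if (!(start + len <= buf.length)) throw new Error('truncated DER');
  return { tag, start, end: start + len };
}

// Hypothetical helper: report format and modulus size, and give a PKCS1 PEM.
function inspectRsaKey(pem) {
  const m = /-----BEGIN ((?:RSA )?PRIVATE KEY)-----([\s\S]+?)-----END \1-----/.exec(pem);
  if (!m) throw new Error('not an unencrypted PEM private key');
  const format = m[1] === 'PRIVATE KEY' ? 'pkcs8' : 'pkcs1';
  let der = Buffer.from(m[2].replace(/\s+/g, ''), 'base64');
  if (format === 'pkcs8') {
    // PrivateKeyInfo ::= SEQUENCE { version, AlgorithmIdentifier, OCTET STRING }
    const version = readTlv(der, readTlv(der, 0).start);
    const alg = readTlv(der, version.end);
    const oid = readTlv(der, alg.start);
    if (der.subarray(oid.start, oid.end).toString('hex') !== RSA_OID) {
      throw new Error('not an RSA key');
    }
    const octets = readTlv(der, alg.end);
    if (octets.tag !== 0x04) throw new Error('malformed PKCS8');
    der = der.subarray(octets.start, octets.end); // inner PKCS1 RSAPrivateKey
  }
  // RSAPrivateKey ::= SEQUENCE { version, modulus, ... }
  const modulus = readTlv(der, readTlv(der, readTlv(der, 0).start).end);
  let i = modulus.start;
  while (der[i] === 0) i++; // skip the sign-padding zero byte
  const bits = (modulus.end - i - 1) * 8 + (32 - Math.clz32(der[i]));
  const b64 = der.toString('base64').match(/.{1,64}/g).join('\n');
  const pkcs1Pem = `-----BEGIN RSA PRIVATE KEY-----\n${b64}\n-----END RSA PRIVATE KEY-----\n`;
  return { format, bits, needsPkcs1: format === 'pkcs8' && bits !== 2048, pkcs1Pem };
}
```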