feat: can allow trust a untrust CA certificate

alexyu1989 · alexyu1989 · commit a3344e2535db · 2017-06-01T14:15:56.000+08:00
diff --git a/CocoaMQTT.podspec b/CocoaMQTT.podspec
@@ -1,6 +1,6 @@
 Pod::Spec.new do |s|
   s.name        = "CocoaMQTT"
-  s.version     = "1.0.16"
+  s.version     = "1.0.17"
   s.summary     = "MQTT v3.1.1 client library for iOS and OS X written with Swift 3"
   s.homepage    = "https://github.com/emqtt/CocoaMQTT"
   s.license     = { :type => "MIT" }
@@ -11,7 +11,7 @@ Pod::Spec.new do |s|
   s.ios.deployment_target = "8.0"
   s.tvos.deployment_target = "9.0"
   # s.watchos.deployment_target = "2.0"
-  s.source   = { :git => "https://github.com/emqtt/CocoaMQTT.git", :tag => "1.0.16"}
+  s.source   = { :git => "https://github.com/emqtt/CocoaMQTT.git", :tag => "1.0.17"}
   s.source_files = "Source/{*.h}", "Source/*.swift"
   s.dependency "CocoaAsyncSocket", "~> 7.5.1"
   s.dependency "SwiftyTimer", "~> 2.0.0"
diff --git a/README.md b/README.md
@@ -76,6 +76,26 @@ mqtt.connect()
 
 ```
 
+## SSL Secure
+
+1. One-way certification
+
+No certificate is required locally.
+If you want to trust all untrust CA certificates, you can do this:
+
+```swift
+mqtt.allowUntrustCACert = true
+```
+
+2. Two-way certification
+
+Need a .p12 file which is generated by a public key file and a private key file. You can generate the p12 file in the terminal:
+
+```
+openssl pkcs12 -export -clcerts -in client-cert.pem -inkey client-key.pem -out client.p12
+```
+
+
 
 CocoaMQTT
 ==========
diff --git a/Source/CocoaMQTT.swift b/Source/CocoaMQTT.swift
@@ -162,6 +162,7 @@ open class CocoaMQTT: NSObject, CocoaMQTTClient, CocoaMQTTFrameBufferProtocol {
     // ssl
     open var enableSSL = false
     open var sslSettings: [String: NSObject]?
+    open var allowUntrustCACertificate = false
     
     // subscribed topics. (dictionary structure -> [msgid: [topicString: QoS]])
     open var subscriptions: [UInt16: [String: CocoaMQTTQOS]] = [:]
@@ -329,7 +330,11 @@ extension CocoaMQTT: GCDAsyncSocketDelegate {
         
         if enableSSL {
             if sslSettings == nil {
-                sock.startTLS(nil)
+                if allowUntrustCACertificate {
+                    sock.startTLS([GCDAsyncSocketManuallyEvaluateTrust: true as NSObject]) }
+                else {
+                    sock.startTLS(nil)
+                }
             } else {
                 sslSettings![GCDAsyncSocketManuallyEvaluateTrust as String] = NSNumber(value: true)
                 sock.startTLS(sslSettings!)
