Openssl is a useful library written in C that implements TLS, SSL and a few useful cryptographic functions. It's not included by default on iOS, but with a little shell scripting you can build and embed it in an app pretty easily. Without further ado, here are all the steps on how to do it in your favorite Terminal:
Embedding the library in an app works by dragging the two .a files into the project and setting the header search paths to point at the newly created header files.
Everything worked fine until line 15 where the files are compiled. The tar that was downloaded was not "openssl-1.0.1f" but rather "openssl-1.0.1e" (you can see that in line 6, but that's not what is downloaded). So I needed to open up that script and edit line 7 to be LIB_NAME="openssl-1.0.1e". This worked like a charm. It took about 10-15 minutes for the compile, but then I had the libssl.a and libcrypto.a files compiled! Yay!
I then copied them into my "lib" directory within the Xcode project and then dropped them into the "Link Binaries With Libraries" section of "Build Phases" found in the project settings.
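The version mismatch described above only surfaced at the compile step. As an added example (not part of the original post or of the tutorial's script), here is a check a build script can run right after the download: it compares the tarball's SHA-256 with a digest obtained from a trusted source and confirms that the archive unpacks to the directory named by LIB_NAME. The function names, the exit codes and the expected-digest argument are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example: verify a downloaded source tarball before building it.
# LIB_NAME is the variable named in the post; the function names and the
# expected-digest argument are assumptions made for this example.

# Print the SHA-256 of a file (sha256sum on Linux, shasum on macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Print the single top-level directory inside a .tar.gz, or fail if the
# archive is unreadable, empty, or has more than one top-level entry.
tarball_top_dir() {
    local tops count
    tops=$(tar -tzf "$1" | sed -e 's|^\./||' -e 's|/.*||' | grep -v '^$' | sort -u)
    [ -n "$tops" ] || return 1
    count=$(printf '%s\n' "$tops" | wc -l | tr -d ' ')
    [ "$count" = 1 ] || return 1
    printf '%s\n' "$tops"
}

# verify_source_tarball TARBALL LIB_NAME EXPECTED_SHA256
# Returns 0 if both checks pass, 2 on digest mismatch, 3 on an unexpected
# archive layout, 4 if the archive does not unpack to LIB_NAME.
verify_source_tarball() {
    local tarball="$1" lib_name="$2" expected="$3" actual top
    actual=$(sha256_of "$tarball") || return 1
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $tarball: got $actual" >&2
        return 2
    fi
    top=$(tarball_top_dir "$tarball") || { echo "unexpected archive layout" >&2; return 3; }
    if [ "$top" != "$lib_name" ]; then
        echo "archive unpacks to '$top' but LIB_NAME is '$lib_name'" >&2
        return 4
    fi
    return 0
}

# Usage (verify.sh is a hypothetical file name for this script):
#   ./verify.sh openssl-1.0.1e.tar.gz openssl-1.0.1e <expected sha256>
if [ "$#" -eq 3 ]; then
    verify_source_tarball "$1" "$2" "$3"
fi
```

Calling this before the compile step makes the script stop with a clear message when the server hands back a different release than the one LIB_NAME expects, or when the file's digest does not match.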
Tuesday, February 11, 2014
How to build openssl for iOS
I've been working on an app for iOS that requires a connection to https (ssl). This works great, but I've recently become aware of the all too daunting man-in-the-middle attack. This happens when the iOS app does not compare a hashed version of the ssl certificate against the server's certificate and just checks that the certificate has been signed. This allows a sniffer to intercept your request, and attach a proxy server to the iOS app's request, thus becoming the man-in-the-middle between your communication with the server. They then have access to all the data you and the server send. Fortunately, there is a verification process for the certificate that requires use of openssl for iOS. The problem is that openssl is not readily available for iOS... [enter stage "compile it yourself"].
It's not that difficult to compile openssl for yourself
I followed this tutorial on the subject, but straight out of the box, it didn't compile, so I had to make a few modifications. Those modifications are what I'm documenting:
Here's what that tutorial has: