snej edited this page Dec 8, 2014 · 8 revisions

If your application uses the Couchbase Lite Listener to accept incoming connections, so that peers can access or replicate with your app's database, it's easy to support SSL. This will improve security and privacy by encrypting the network traffic.

Generally the biggest headache in setting up an SSL server is getting a certificate. A certificate used by a website will be signed by a Certificate Authority (CA) that can vouch for its identity. This involves creating a certificate request, submitting it to the authority, doing some sort of challenge/response that lets the authority verify that you own the domain in question, receiving the signed certificate, and then installing it in your server.

Fortunately, for our purposes we don't need that. Identity is a complicated topic, and it's hard to say how a mobile device should identify itself. So we'll put that out of the way and just focus on encryption. For that, any certificate will do, even a so-called self-signed one. The trade-off is that no CA vouches for a self-signed certificate, so it encrypts the connection without proving to the client which device it is talking to. Creating a self-signed certificate is just a simple matter of programming, specifically generating an RSA key-pair and wrapping the public key in an X.509 certificate. Couchbase Lite (as of version 1.1, or the master branch as of 8 Dec 2014) can do that for you.

How To Do It

We assume you've already instantiated a CBLListener object. Before calling its -start method, configure its SSL identity like so:

// Call this before -start; the identity is stored in the app's Keychain under the given label.
NSError* error;
if (![listener setAnonymousSSLIdentityWithLabel: @"MyApp SSL" error: &error])
    [self handleError: error];

That's it. Your listener is now serving SSL using an automatically generated identity. (The label string is unimportant; it's just used to store and look up the certificate in the app's Keychain.)
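Because the anonymous identity is self-signed, a peer that connects over plain NSURLSession cannot validate it against a CA. The following is an added example, not code from Couchbase Lite or from this page, showing one way a peer could instead accept only a certificate whose SHA-256 digest it already knows. The names `CertSHA256`, `PinnedPeerDelegate` and `expectedDigest` are hypothetical, and it assumes ARC and that the digest reached the peer out of band.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>
#import <CommonCrypto/CommonDigest.h>

// Hypothetical helper: SHA-256 digest of a certificate's DER encoding (assumes ARC).
static NSData* CertSHA256(SecCertificateRef cert) {
    NSData* der = CFBridgingRelease(SecCertificateCopyData(cert));
    uint8_t digest[CC_SHA256_DIGEST_LENGTH];
    CC_SHA256(der.bytes, (CC_LONG)der.length, digest);
    return [NSData dataWithBytes: digest length: sizeof(digest)];
}

// Hypothetical delegate for the NSURLSession the peer uses to reach the listener.
@interface PinnedPeerDelegate : NSObject <NSURLSessionDelegate>
@property (copy) NSData* expectedDigest;  // assumption: obtained out of band from the listener's device
@end

@implementation PinnedPeerDelegate

- (void) URLSession: (NSURLSession*)session
didReceiveChallenge: (NSURLAuthenticationChallenge*)challenge
  completionHandler: (void (^)(NSURLSessionAuthChallengeDisposition, NSURLCredential*))completionHandler
{
    NSURLProtectionSpace* space = challenge.protectionSpace;
    if (![space.authenticationMethod isEqualToString: NSURLAuthenticationMethodServerTrust]) {
        // Not a TLS server-trust challenge; leave it to the system.
        completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, nil);
        return;
    }
    SecTrustRef trust = space.serverTrust;
    SecCertificateRef leaf = NULL;
    if (trust) {
        // Evaluation builds the chain; its result is ignored because a
        // self-signed certificate never passes CA-based evaluation.
        SecTrustResultType ignored;
        SecTrustEvaluate(trust, &ignored);
        if (SecTrustGetCertificateCount(trust) > 0)
            leaf = SecTrustGetCertificateAtIndex(trust, 0);
    }
    // Accept the connection only if the server's own certificate matches the pinned digest.
    if (leaf && self.expectedDigest && [CertSHA256(leaf) isEqualToData: self.expectedDigest]) {
        completionHandler(NSURLSessionAuthChallengeUseCredential,
                          [NSURLCredential credentialForTrust: trust]);
    } else {
        completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, nil);
    }
}

@end
```

If the listener's identity is ever regenerated, the digest changes and every peer needs the new value before it can connect again.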
