fix(ios) patch SocketRocket to support WebSocket with TLS 1.3

saghul · saghul · commit da9b2e57fd44 · 2025-03-07T14:32:59.000+01:00
Upstream PR: facebookincubator/SocketRocket#701
diff --git a/ios/Podfile b/ios/Podfile
@@ -97,4 +97,7 @@ post_install do |installer|
       config.build_settings['OTHER_SWIFT_FLAGS'] = '$(inherited) -no-verify-emitted-module-interface'
     end
   end
+
+  # Patch SocketRocket to support TLS 1.3
+  %x(patch Pods/SocketRocket/SocketRocket/SRSecurityPolicy.m -N < patches/ws-tls13.diff)
 end
diff --git a/ios/Podfile.lock b/ios/Podfile.lock
@@ -2209,6 +2209,6 @@ SPEC CHECKSUMS:
   SocketRocket: abac6f5de4d4d62d24e11868d7a2f427e0ef940d
   Yoga: 1dd9dabb9df8fe08f12cd522eae04a2da0e252eb
 
-PODFILE CHECKSUM: 8a3e5d019861b37d4159f2d178cc534be3ac528c
+PODFILE CHECKSUM: 4f6abcf3cec0d9e8e1d5f5d81a35d99adde9ae45
 
 COCOAPODS: 1.16.2
diff --git a/ios/patches/ws-tls13.diff b/ios/patches/ws-tls13.diff
@@ -0,0 +1,15 @@
+diff --git a/SocketRocket/SRSecurityPolicy.m b/SocketRocket/SRSecurityPolicy.m
+index 3759d26e..271477e8 100644
+--- a/SocketRocket/SRSecurityPolicy.m
++++ b/SocketRocket/SRSecurityPolicy.m
+@@ -56,8 +56,8 @@ - (instancetype)init
+ 
+ - (void)updateSecurityOptionsInStream:(NSStream *)stream
+ {
+-    // Enforce TLS 1.2
+-    [stream setProperty:(__bridge id)CFSTR("kCFStreamSocketSecurityLevelTLSv1_2") forKey:(__bridge id)kCFStreamPropertySocketSecurityLevel];
++    // Enforce TLS >= 1.2
++    [stream setProperty:(__bridge id)kCFStreamSocketSecurityLevelNegotiatedSSL forKey:(__bridge id)kCFStreamPropertySocketSecurityLevel];
+ 
+     // Validate certificate chain for this stream if enabled.
+     NSDictionary<NSString *, id> *sslOptions = @{ (__bridge NSString *)kCFStreamSSLValidatesCertificateChain : @(self.certificateChainValidationEnabled) };
