Re: kCFStreamPropertySSLSettings
Re: kCFStreamPropertySSLSettings
- Subject: Re: kCFStreamPropertySSLSettings
- From: Jens Alfke <email@hidden>
- Date: Fri, 22 Jul 2016 16:41:56 -0700
> On Jul 22, 2016, at 2:46 AM, Gerriet M. Denkmann <email@hidden> wrote:
>
> When it gets some streams it will show a panel:
> “MyApp wants to sign using key “something” in your keychain” / “Allow” “Deny”
Presumably this app is either acting as an SSL server, or is sending SSL clients. Either of those roles involves signing data using the private key associated with the certificate, to prove you own it. If the app hasn’t previously used that private key, the Keychain will ask your permission to let the app use it. That’s the alert. Then it updates the key’s access control list to remember your app has access. But this access is (usually) invalidated when the app binary is modified, so you’ll (usually) see the alert again if you modify the app and run it again.
> The problem: sometimes I do NOT get this panel, and the app behaves as if I had clicked “Deny”.
Huh. Had you previously denied the alert? Maybe the security framework hasn’t noticed that the app changed and is still using the old Deny permission set before.
> Where is this info: < “MyApp is allowed to use key “something”> stored?
In the Keychain item for that key. You can look at and modify the permissions in the Keychain Access app.
—Jens
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden