Re: kCFStreamPropertySSLSettings
Re: kCFStreamPropertySSLSettings
- Subject: Re: kCFStreamPropertySSLSettings
- From: Alastair Houghton <email@hidden>
- Date: Mon, 25 Jul 2016 09:30:09 +0100
> On 23 Jul 2016, at 00:41, Jens Alfke <email@hidden> wrote:
>
>
>> On Jul 22, 2016, at 2:46 AM, Gerriet M. Denkmann <email@hidden> wrote:
>>
>> When it gets some streams it will show a panel:
>> “MyApp wants to sign using key “something” in your keychain” / “Allow” “Deny”
>
> Presumably this app is either acting as an SSL server, or is sending SSL clients. Either of those roles involves signing data using the private key associated with the certificate, to prove you own it. If the app hasn’t previously used that private key, the Keychain will ask your permission to let the app use it. That’s the alert. Then it updates the key’s access control list to remember your app has access. But this access is (usually) invalidated when the app binary is modified, so you’ll (usually) see the alert again if you modify the app and run it again.
Unless, of course, the application is signed with a suitable certificate, in which case the access will be maintained, *provided* the application’s signature remains valid (which it won’t on some subset of machines because of people using badly written language stripping software that breaks the signature on your bundle by tampering with it---particularly MacKeeper’s implementation which appears to be automatic).
I’d make sure that your application is code signed. It makes it very much less tedious to develop or use.
Kind regards,
Alastair.
--
http://alastairs-place.net
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden