• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: kCFStreamPropertySSLSettingC
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: kCFStreamPropertySSLSettingC

  • Subject: Re: kCFStreamPropertySSLSettingC
  • From: "Gerriet M. Denkmann" <email@hidden>
  • Date: Mon, 25 Jul 2016 20:47:17 +0700
> On 25 Jul 2016, at 15:30, Alastair Houghton <email@hidden> wrote:
>
>
>> On 23 Jul 2016, at 00:41, Jens Alfke <email@hidden> wrote:
>>
>>
>>> On Jul 22, 2016, at 2:46 AM, Gerriet M. Denkmann <email@hidden> wrote:
>>>
>>> When it gets some streams it will show a panel:
>>> “MyApp wants to sign using key “something” in your keychain” / “Allow” “Deny”
>>
>> Presumably this app is either acting as an SSL server, or is sending SSL clients. Either of those roles involves signing data using the private key associated with the certificate, to prove you own it.  If the app hasn’t previously used that private key, the Keychain will ask your permission to let the app use it. That’s the alert. Then it updates the key’s access control list to remember your app has access. But this access is (usually) invalidated when the app binary is modified, so you’ll (usually) see the alert again if you modify the app and run it again.
>
> Unless, of course, the application is signed with a suitable certificate, in which case the access will be maintained, *provided* the application’s signature remains valid (which it won’t on some subset of machines because of people using badly written language stripping software that breaks the signature on your bundle by tampering with it---particularly MacKeeper’s implementation which appears to be automatic).
>
> I’d make sure that your application is code signed.  It makes it very much less tedious to develop or use.

This sounds like very good advice.

I looked at “Code Signing Identity” and found the following choices:

Don’t Code Sign (currently selected)
Automatic
	Mac Developer
	Mac Distribution
	Developer ID: *
Identities in Keychain
	Gerriet M. Denkmann
	iPhone Developer Gerriet …. (Zxyz…)
	Mac Developer Gerriet…(Zxyz…)
Other…

What would be the right thing to choose?

Kind regards,

Gerriet.


_______________________________________________

Cocoa-dev mailing list (email@hidden)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
  • Follow-Ups:
    • Re: kCFStreamPropertySSLSettingC
      • From: Jens Alfke <email@hidden>
References: 
 >kCFStreamPropertySSLSettings (From: "Gerriet M. Denkmann" <email@hidden>)
 >Re: kCFStreamPropertySSLSettings (From: Jens Alfke <email@hidden>)
 >Re: kCFStreamPropertySSLSettings (From: Alastair Houghton <email@hidden>)

  • Prev by Date: Re: kCFStreamPropertySSLSettings
  • Next by Date: awakeFromFetch behaviour change in 10.12?
  • Previous by thread: Re: kCFStreamPropertySSLSettings
  • Next by thread: Re: kCFStreamPropertySSLSettingC
  • Index(es):
    • Date
    • Thread