Re: How to use NWTCPConnectionAuthenticationDelegate for self signed certificate
Re: How to use NWTCPConnectionAuthenticationDelegate for self signed certificate
- Subject: Re: How to use NWTCPConnectionAuthenticationDelegate for self signed certificate
- From: "Quinn \"The Eskimo!\"" <email@hidden>
- Date: Fri, 04 Dec 2015 09:24:02 +0000
On 3 Dec 2015, at 02:00, Kevin Yu <email@hidden> wrote:
> After checked the result of SecTrustCopyProperties, it shows Root certificate is not trusted. Since it is a self-signed certificate, how can I change the SecPolicy’s ValidRoot to false in order to bypass the checking?
You can apply a custom anchor to a trust object using SecTrustSetAnchorCertificates. That should work with a self-signed certificate, that is, you pass the same certificate to SecTrustCreateWithCertificates and SecTrustSetAnchorCertificates.
However, I generally recommend against using self-signed certificates. It's better, IMO, to always use a certificate issued by a CA. If you need one during testing, you can set up your own CA. Technote 2326 "Creating Certificates for TLS Testing" describes how.
<https://developer.apple.com/library/mac/technotes/tn2326/_index.html>
If you install the CA's root on your device, the trust object should evaluate successfully without any special intervention on your part.
> Another issue is when debug the network extension, I can’t print message out to the Xcode console, the only way I can do is setup breakpoint and check the value of variables manually. any other good way to debug network extension code?
Have you tried NSLog?
Share and Enjoy
--
Quinn "The Eskimo!" <http://www.apple.com/developer/>
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden