• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Unwanted keychain access dialog
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Unwanted keychain access dialog

  • Subject: Re: Unwanted keychain access dialog
  • From: Ken McLeod <email@hidden>
  • Date: Wed, 25 Mar 2015 18:06:26 -0700
When you call SecKeychainCreate to create a temporary keychain, its default settings will cause it to automatically lock after 5 minutes. If you then attempt to access an item in this keychain after it has locked, you'll get the unlock dialog.

If you never want this keychain to lock automatically, call SecKeychainSetSettings right after you create it. The fields of the SecKeychainSettings struct you provide should be set like so:

.version = SEC_KEYCHAIN_SETTINGS_VERS1
.lockOnSleep = false
.useLockInterval = false
.lockInterval = INT_MAX


-ken


On Mar 25 2015 02:05 PM, Mitchell Laurren-Ring wrote:
> Hello:
>
> I have an application that runs as a launch agent. This application acts as a websocket server for browser based clients. Because we want to support SSL, this application uses keychain APIs to store certificate/key information. Because we would rather not leave this information on the user’s system (a requirement for which I have no control), we use a temporary keychain. For example, our code to create the keychain looks like this:
>
>
> 	result = SecKeychainOpen(sKeychainPath, &mKeychain);
> 	if (result == 0)
> 	{
> 		result = SecKeychainDelete(mKeychain);
> 		CFRelease(mKeychain);
> 	}
> 	result = SecKeychainCreate(sKeychainPath, strlen(pw), pw, FALSE, NULL, &mKeychain);
>
> And then we call SecKeychainItemImport for the certificate and key for later retrieval and use with the SSL layer.
>
> This works pretty well most times but our QA has observed an intermittent behaviour where a modal dialog will be displayed asking for the keychain password. The text of the dialog is approximately: myapp wants use the “skeychainpath” keychain. Please enter the keychain password.
>
> We’ve seen this occur with OS X versions 10.6, 10.7, 10.9 and 10.10. I’ve tried bracketing the code with calls to SecKeychainGetUserInteractionAllowed but it hasn’t made a difference.
>
>
> Is this a known problem? Is there a way to work around it?
>
>
> /Mick
 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
References: 
 >Unwanted keychain access dialog (From: Mitchell Laurren-Ring <email@hidden>)

  • Prev by Date: Re: Automatic retries?
  • Next by Date: Re: Automatic retries?
  • Previous by thread: Unwanted keychain access dialog
  • Next by thread: trying to build configd, understanding dns more
  • Index(es):
    • Date
    • Thread