> On Dec 2, 2015, at 4:00 AM, macnetworkprog-requ...@lists.apple.com wrote:
> 
>> I think we can use the NWTCPConnectionAuthenticationDelegate and its 
>> function evaluateTrustForConnection() to do the trick, however, I did not 
>> find how to write this function in order to create a SecTrustRef and send 
>> out via completion handler.
> 
> The intent is that you create a trust object by calling 
> SecTrustCreateWithCertificates.  This takes two input parameters:
> 
> * certificates -- You get this from peerCertificateChain parameter of 
> -evaluateTrustForConnection:peerCertificateChain:completionHandler:.
> 
> * policies -- For TLS you'd usually create this by calling SecPolicyCreateSSL.

I’ve tried with no luck. Here’s my code; any suggestions?

    public func evaluateTrustForConnection(connection: NWTCPConnection,
                                           peerCertificateChain: [AnyObject],
                                           completionHandler completion: (SecTrust) -> Void) {
        let remoteAddress = connection.remoteAddress as? NWHostEndpoint
        let myPolicy = SecPolicyCreateSSL(true, remoteAddress?.hostname)

        var possibleTrust: SecTrust?

        SecTrustCreateWithCertificates(peerCertificateChain, myPolicy, &possibleTrust)

        if let trust = possibleTrust {
            //let's do test by ourself first
            /*
            var trustResult : SecTrustResultType = 0
            SecTrustEvaluate(trust, &trustResult)
            print(trustResult)  // the result is 5, is it kSecTrustResultRecoverableTrustFailure?
            */
            completion(trust)
        }
    }


cheers,
Kevin
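
An added example, not part of the original message or of Apple's code: the trust object described in the quoted reply, built so that a missing hostname or a failed `SecTrustCreateWithCertificates` call is reported instead of silently ignored, plus a local diagnostic evaluation. The helper names (`makeServerTrust`, `name(of:)`, `diagnose`) are hypothetical, and the code assumes Swift 5 on macOS 10.14 / iOS 12 or later for `SecTrustEvaluateWithError`.

```swift
import Foundation
import Security

// Hypothetical error type for this example.
enum TrustSetupError: Error {
    case missingHostname          // a nil hostname makes the SSL policy skip name matching
    case emptyChain
    case createFailed(OSStatus)
}

// Builds a TLS server trust object from the peer chain, failing closed.
func makeServerTrust(chain: [SecCertificate], hostname: String?) throws -> SecTrust {
    guard let host = hostname, !host.isEmpty else { throw TrustSetupError.missingHostname }
    guard !chain.isEmpty else { throw TrustSetupError.emptyChain }

    // server: true evaluates the leaf as a TLS server certificate issued for `host`.
    let policy = SecPolicyCreateSSL(true, host as CFString)

    var trust: SecTrust?
    let status = SecTrustCreateWithCertificates(chain as CFArray, policy, &trust)
    guard status == errSecSuccess, let created = trust else {
        throw TrustSetupError.createFailed(status)
    }
    return created
}

// Readable names for SecTrustResultType; raw value 5 is recoverableTrustFailure.
func name(of result: SecTrustResultType) -> String {
    switch result {
    case .invalid:                 return "invalid"
    case .proceed:                 return "proceed"
    case .deny:                    return "deny"
    case .unspecified:             return "unspecified"
    case .recoverableTrustFailure: return "recoverableTrustFailure"
    case .fatalTrustFailure:       return "fatalTrustFailure"
    case .otherError:              return "otherError"
    default:                       return "unknown(\(result.rawValue))" // e.g. deprecated confirm
    }
}

// Evaluates locally for logging: the result name and, on failure, the reason.
func diagnose(_ trust: SecTrust) -> (result: String, reason: String?) {
    var error: CFError?
    let trusted = SecTrustEvaluateWithError(trust, &error)
    var result = SecTrustResultType.invalid
    SecTrustGetTrustResult(trust, &result)
    let reason = trusted ? nil : error.map { CFErrorCopyDescription($0) as String }
    return (name(of: result), reason)
}
```

The failure reason returned by `diagnose` distinguishes cases such as a hostname mismatch, an expired certificate, or an untrusted root, which the numeric result alone does not.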
