On 3 Dec 2015, at 02:00, Kevin Yu <kevi...@draytek.com> wrote:

> After checking the result of SecTrustCopyProperties, it shows the Root 
> certificate is not trusted. Since it is a self-signed certificate, how can I 
> change the SecPolicy’s ValidRoot to false in order to bypass the checking?

You can apply a custom anchor to a trust object using 
SecTrustSetAnchorCertificates. That should work with a self-signed certificate, 
that is, you pass the same certificate to SecTrustCreateWithCertificates and 
SecTrustSetAnchorCertificates.

However, I generally recommend against using self-signed certificates.  It's 
better, IMO, to always use a certificate issued by a CA.  If you need one 
during testing, you can set up your own CA.  Technote 2326 "Creating 
Certificates for TLS Testing" describes how.

<https://developer.apple.com/library/mac/technotes/tn2326/_index.html>

If you install the CA's root on your device, the trust object should evaluate 
successfully without any special intervention on your part.

> Another issue is that when debugging the network extension, I can’t print 
> messages out to the Xcode console; the only thing I can do is set up a 
> breakpoint and check the value of variables manually. Is there any other good 
> way to debug network extension code?

Have you tried NSLog?

Share and Enjoy
--
Quinn "The Eskimo!"                    <http://www.apple.com/developer/>
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
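
An added example, not code from this thread: a Swift sketch of the custom-anchor approach described in the reply above, where the trust object is evaluated against one known certificate instead of switching off the root check. The names evaluateAgainstAnchor, chain, host and anchorDER are hypothetical, and SecTrustEvaluateWithError assumes iOS 12 / macOS 10.14 or later.

```swift
import Foundation
import Security

enum AnchorTrustError: Error {
    case invalidAnchorData
    case securityFailure(OSStatus)
}

/// Evaluates `chain` (leaf first) as a TLS server chain for `host`,
/// trusting only the certificate encoded in `anchorDER`.
/// All names here are hypothetical; they are not from the original thread.
func evaluateAgainstAnchor(chain: [SecCertificate],
                           host: String,
                           anchorDER: Data) throws -> Bool {
    guard let anchor = SecCertificateCreateWithData(nil, anchorDER as CFData) else {
        throw AnchorTrustError.invalidAnchorData
    }

    // Standard TLS server policy, so hostname matching still applies.
    let policy = SecPolicyCreateSSL(true, host as CFString)

    var trustRef: SecTrust?
    var status = SecTrustCreateWithCertificates(chain as CFArray, policy, &trustRef)
    guard status == errSecSuccess, let trust = trustRef else {
        throw AnchorTrustError.securityFailure(status)
    }

    // For a self-signed server certificate, `anchor` is the same certificate
    // as chain[0]. After this call only the supplied anchor is trusted; system
    // roots are ignored unless SecTrustSetAnchorCertificatesOnly(trust, false)
    // is called afterwards.
    status = SecTrustSetAnchorCertificates(trust, [anchor] as CFArray)
    guard status == errSecSuccess else {
        throw AnchorTrustError.securityFailure(status)
    }

    var error: CFError?
    let trusted = SecTrustEvaluateWithError(trust, &error)
    if let error = error, !trusted {
        // NSLog output reaches the system log even from an extension process.
        NSLog("Trust evaluation failed: %@", String(describing: error))
    }
    return trusted
}
```

Here anchorDER is assumed to be a DER copy of the expected certificate shipped with the app; a chain that does not lead to that certificate, or that fails the hostname check, evaluates as untrusted.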


