> macnetworkprog-requ...@lists.apple.com wrote on 5 December 2015 at 4:00 AM:
> 
>> 
>> After checking the result of SecTrustCopyProperties, it shows the root 
>> certificate is not trusted. Since it is a self-signed certificate, how can I 
>> change the SecPolicy’s ValidRoot to false in order to bypass the checking?
> 
> You can apply a custom anchor to a trust object using 
> SecTrustSetAnchorCertificates. That should work with a self-signed 
> certificate, that is, you pass the same certificate to 
> SecTrustCreateWithCertificates and SecTrustSetAnchorCertificates.
> 
> However, I generally recommend against using self-signed certificates.  It's 
> better, IMO, to always use a certificate issued by a CA.  If you need one 
> during testing, you can set up your own CA.  Technote 2326 "Creating 
> Certificates for TLS Testing" describes how.
> 
> <https://developer.apple.com/library/mac/technotes/tn2326/_index.html>
> 
> If you install the CA's root on your device, the trust object should evaluate 
> successfully without any special intervention on your part.

Thanks a lot, it works now!

> 
>> Another issue is that when debugging the network extension, I can’t print 
>> messages out to the Xcode console; the only thing I can do is set up 
>> breakpoints and check the values of variables manually. Is there any other 
>> good way to debug network extension code?
> 
> Have you tried NSLog?

Yes, I’ve used NSLog just like the sample code (SimpleTunnel) does.
If I do not debug the network extension, I can see the container app’s messages 
on the console.
If I try to debug the network extension using “Attach to Process by PID or 
Names…”, nothing shows on the console; even the container app does not show 
messages.

cheers,
Kevin
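
The custom-anchor approach from the quoted reply, as an added example (not part of the original messages and not Apple's sample code): the same self-signed certificate is passed to SecTrustCreateWithCertificates and SecTrustSetAnchorCertificates, so evaluation succeeds only for that exact certificate while the SSL policy's hostname and validity checks stay on. The function name `evaluate`, the command-line usage and the host name are assumptions, and SecTrustEvaluateWithError is a newer call than the ones available when this thread was written.

```swift
import Foundation
import Security

/// Evaluates `certificate` as a TLS server certificate for `host`, trusting
/// only `anchor`. For a self-signed certificate, pass it as both arguments.
func evaluate(_ certificate: SecCertificate,
              anchoredTo anchor: SecCertificate,
              host: String) -> Bool {
    // The SSL policy keeps hostname and validity-period checks in force;
    // only the question "which root do we trust?" is being customised.
    let policy = SecPolicyCreateSSL(true, host as CFString)

    var created: SecTrust?
    guard SecTrustCreateWithCertificates([certificate] as CFArray, policy, &created) == errSecSuccess,
          let trust = created else { return false }

    // Custom anchor: the chain must terminate at this certificate.
    guard SecTrustSetAnchorCertificates(trust, [anchor] as CFArray) == errSecSuccess else {
        return false
    }
    // Setting custom anchors already stops the system roots from being used;
    // this call states that intent explicitly.
    guard SecTrustSetAnchorCertificatesOnly(trust, true) == errSecSuccess else {
        return false
    }

    var error: CFError?
    let trusted = SecTrustEvaluateWithError(trust, &error)
    if !trusted, let error = error {
        NSLog("Trust evaluation failed: %@", CFErrorCopyDescription(error) as String)
    }
    return trusted
}

// Assumed usage: swift anchor.swift <certificate.der> <hostname>
let args = CommandLine.arguments
if args.count == 3,
   let der = FileManager.default.contents(atPath: args[1]),
   let cert = SecCertificateCreateWithData(nil, der as CFData) {
    let trusted = evaluate(cert, anchoredTo: cert, host: args[2])
    print(trusted ? "trusted" : "not trusted")
} else {
    print("usage: anchor.swift <certificate.der> <hostname>")
}
```

Because the anchor is the only trusted root, a different certificate presented for the same host fails evaluation, which is what distinguishes this from switching the root check off.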
