Post not yet marked as solved
We are trying to configure split tunnel with tunnel routes with the below Tunnel Provider configuration
tunnelProvider.protocolConfiguration.includeAllNetworks = NO; tunnelProvider.protocolConfiguration.excludeLocalNetworks = NO; tunnelProvider.protocolConfiguration.enforceRoutes = YES;
We are adding some IPs in the excludeRoutes[10.168.10.182 and 192.168.10.65]. Please refer the below network settings for VPN
IPv4Settings = {
configMethod = manual
addresses = (
10.168.10.68,
)
subnetMasks = (
255.255.255.255,
)
includedRoutes = (
{
destinationAddress = 0.0.0.0
destinationSubnetMask = 0.0.0.0
},
)
excludedRoutes = (
{
destinationAddress = 192.168.10.65
destinationSubnetMask = 255.255.255.255
},
{
destinationAddress = 10.168.10.182
destinationSubnetMask = 255.255.255.255
},
)
overridePrimary = NO
}
Issue: when we are trying to access excludedRoute's IP [10.168.10.182 and 192.168.10.65] , it's getting tunneled.
Expected Results : excludedRoutes IPs should go via physical interface.
Post not yet marked as solved
[iOS 17] We are trying to configure below Tunnel Provider configuration and we are saving it in NETunnelProviderManager preferences before calling startTunnelWithOptions
tunnelProvider.protocolConfiguration.includeAllNetworks = YES;
tunnelProvider.protocolConfiguration.excludeLocalNetworks = NO;
tunnelProvider.protocolConfiguration.enforceRoutes = NO;
We are adding an IP in the excludeRoutes which belongs to server address[10.97.6.244]. Please refer the below network settings for VPN
IPv4Settings = {
configMethod = manual
addresses = (
10.97.4.188,
)
subnetMasks = (
255.255.255.255,
)
includedRoutes = (
{
destinationAddress = 0.0.0.0
destinationSubnetMask = 0.0.0.0
},
)
excludedRoutes = (
{
destinationAddress = 10.97.6.244
destinationSubnetMask = 255.255.255.255
},
)
overridePrimary = NO
}
Issue: when we are trying to access server address, it's getting tunneled because of that few of our APIs are sending failure and we are unable to connect to VPN.
Expected Results : excludedRoutes IPs should go via physical interface.
STEPS TO REPRODUCE
Configure VPN packet tunnel provider config as mentioned above and add some IPs in excludeRoutes
Save the configuration to NETunnelProviderManager preferences using “saveToPreferencesWithCompletionHandler”
Try to connect to VPN
excludeRoutes are tunneled via VA
Post not yet marked as solved
Requirement: We need to update below tunnel provider properties once VPN is up. Is it possible?
includeAllNetworks
excludeLocalNetworks
enforceRoutes
When is the standard time to configure and save the below properties in system preferences?
Is it possible to save these properties in system preference when VPN is up?
saveToPreferencesWithCompletionHandler
If we can change these properties in VPN connected state, When these tunnel provider properties will come into effect?
Post not yet marked as solved
iOS 17 issue:
I am connecting to VPN connection with configuration as full tunnel which is tunneling all the traffic generated on my device which is expected.
This is for Full Tunnel and Tunnel routes:
//Below is the NEPacketTunnelProvider configuration
tunnelProvider.protocolConfiguration.includeAllNetworks = YES; tunnelProvider.protocolConfiguration.excludeLocalNetworks = NO; tunnelProvider.protocolConfiguration.enforceRoutes = NO;
But Once I disconnect and kill the NEPacketTunnelProvider instance, My internet is blocked until I restart the device.
NOTE: This behavior is not seen with iOS 16 and below and things work smooth.
Kindly update as soon as possible.
Post not yet marked as solved
I am connecting to VPN connection with NEPacketTunnelProvider configuration as IncludeAllNetworks=YES;
ExcludeLocalNetwork=NO;
which is tunneling all the traffic generated on my device which is expected.
But Once I disconnect and kill the NEPacketTunnelProvider instance, My internet is blocked unless I restart the device. This behavior is not seen with iOS 16 and things work smooth.
Kindly update as soon as possible
Post not yet marked as solved
I am new to security framework.
I want to access items only in dynamic keychain for smartCards. And just user keychains in case of some other scenario.
But SecKeychainOpen,SecKeychainGetPath and SecKeychainCopyDomainSearchList are deprecated. How do I make sure the secItemCopyMatching only looks for items in specific type of keychain.
Post not yet marked as solved
How to programatically access System Root certificates from non admin account ?
The below code throws -25300 error.
NSDictionary *query = @{
(__bridge id)kSecClass: (__bridge id)kSecClassCertificate,
(__bridge id)kSecAttrLabel: @"somelabel",
(__bridge id)kSecMatchLimit: (__bridge id)kSecMatchLimitAll,
(__bridge id)kSecReturnRef: @YES
};
CFArrayRef result = NULL;
OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, (CFTypeRef *)&result);
Post not yet marked as solved
I am using secItemCopyMatching API to find certificates in login, system and System root keychain, But it's not returning me System Root certificates. I am new to this, Could you please guide?
NSDictionary *query = @{
(__bridge id)kSecClass: (__bridge id)kSecClassCertificate,
(__bridge id)kSecAttrLabel: @"somelabel",
(__bridge id)kSecMatchLimit: (__bridge id)kSecMatchLimitAll,
(__bridge id)kSecReturnRef: @YES
};
CFArrayRef result = NULL;
OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, (CFTypeRef *)&result);
Post not yet marked as solved
I have a internet password stored in my keychain with below details:
Internet Password Item:
Account: user
Server: some Ip address(Let's say w.x.y.z)
Protocol: htpx
But when I use the below code, I receive item not found. But when I remove kSecAttrProtocol attribute from my dictionary, it works. The document says kSecProtocolTypeHTTPProxy corresponds to htpx. Not sure what I am doing wrong, Please guide. I have a dependency on SecProtocolType in my code to look for an internet password in keychain.
https://developer.apple.com/documentation/security/secprotocoltype/ksecprotocoltypehttpproxy/
NSString *account = @"user";
NSString *server = @"w.x.y.z";
SecProtocolType protocol = kSecProtocolTypeHTTPProxy;
NSDictionary *query = @{
(__bridge id)kSecClass: (__bridge id)kSecClassInternetPassword,
(__bridge id)kSecAttrAccount: account,
(__bridge id)kSecAttrServer: server,
(__bridge id)kSecAttrProtocol:@(protocol),
(__bridge id)kSecReturnAttributes: (__bridge id)kCFBooleanTrue,
(__bridge id)kSecReturnData: (__bridge id)kCFBooleanFalse,
(__bridge id)kSecMatchLimit: (__bridge id)kSecMatchLimitOne
};
CFDictionaryRef result = NULL;
OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, (CFTypeRef *)&result);
if (status == errSecSuccess) {
NSDictionary *passwordItem = CFBridgingRelease(result);
NSLog(@"Internet Password Item Found:");
} else if (status == errSecItemNotFound) {
NSLog(@"Internet Password Item Not Found");
} else {
NSLog(@"Error retrieving Internet password: %d (%@)", (int)status, CFBridgingRelease(SecCopyErrorMessageString(status, NULL)));
}
Post not yet marked as solved
With the deprecated SecTrustGetResult API , It used to return a cert chain and cert trust status chain as well for each certificate in the chain.
How can we achieve the same using SecTrustGetTrustResult.
for cert chain -> there is an API SecTrustCopyAnchorCertificates to retrieve cert chain
But no API is there to get cert trust chain.
How can we achieve the same?
SecTrustGetResult https://developer.apple.com/documentation/security/1396077-sectrustgettrustresult?language=objc
SecTrustGetTrustResult https://developer.apple.com/documentation/security/1524331-sectrustgetresult/
SecTrustCopyAnchorCertificates
https://developer.apple.com/documentation/security/1401507-sectrustcopyanchorcertificates?language=objc
Post not yet marked as solved
I need to store some data of my application in system keychain which should to accessible to all the users in the system.
Here is the below sample code :
// Create a SecAccessControlRef for a keychain item with access control
SecAccessControlRef accessControl = SecAccessControlCreateWithFlags(
kCFAllocatorDefault,
kSecAttrAccessibleWhenUnlocked,
kSecAccessControlUserPresence,
NULL
);
// Define a query dictionary for a keychain item
NSDictionary *query = @{
(__bridge id)kSecClass: (__bridge id)kSecClassGenericPassword,
(__bridge id)kSecAttrService: @"MyService",
(__bridge id)kSecAttrAccount: @"MyAccount",
(__bridge id)kSecValueData: [@"MyPassword" dataUsingEncoding:NSUTF8StringEncoding],
(__bridge id)kSecAttrAccessControl: (__bridge_transfer id)accessControl,
};
// Add the keychain item to the default keychain (login keychain)
OSStatus status = SecItemAdd((__bridge CFDictionaryRef)query, NULL);
if (status != errSecSuccess) {
NSLog(@"Error adding keychain item: %d", (int)status);
}
I tried using SecKeychainOpen to access the system keychain but SecKeychainOpen is deprecated and I could not find any equivalent latest API to support that.
SecKeychainRef systemKeychain;
OSStatus status = SecKeychainOpen("/Library/Keychains/System.keychain", &systemKeychain);
if (status != errSecSuccess) {
NSLog(@"Error opening system keychain: %d", status);
} else {
SecAccessControlRef accessControl = SecAccessControlCreateWithFlags(
kCFAllocatorDefault,
kSecAttrAccessibleWhenUnlocked,
kSecAccessControlUserPresence,
NULL
);
NSDictionary *query = @{
(__bridge id)kSecClass: (__bridge id)kSecClassGenericPassword,
(__bridge id)kSecAttrService: @"MyService",
(__bridge id)kSecAttrAccount: @"MyAccount",
(__bridge id)kSecValueData: [@"MyPassword" dataUsingEncoding:NSUTF8StringEncoding],
(__bridge id)kSecUseKeychain: (__bridge id)systemKeychain,
(__bridge id)kSecAttrAccessControl: (__bridge_transfer id)accessControl,
};
// Add the keychain item to the system keychain
status = SecItemAdd((__bridge CFDictionaryRef)query, NULL);
if (status != errSecSuccess) {
NSLog(@"Error adding keychain item to system keychain: %d", (int)status);
}
if (systemKeychain) {
CFRelease(systemKeychain);
}
}
ANY suggestions will be helpful, Please help!
Post not yet marked as solved
Why kVK_F2 is not equivalent to constant NSF2FunctionKey for F2 key press event, What is equivalent constant of kVK_F2, since carbon framework is deprecated.
When I printed the keyCode, The [Event keyCode] against NSF2FunctionKey is 63237(0xF705) whereas for kVK_F2, it prints is 120 which is 0x78. 0x78 seems to be the standard keyboard value for F2 key.
Sample code :
//@property (nonatomic, strong) id eventMonitor;
NSEvent* (^handler)(NSEvent*) = ^(NSEvent *theEvent) {
NSEvent *result = theEvent;
NSUInteger flags = [theEvent modifierFlags] & NSEventModifierFlagDeviceIndependentFlagsMask;
if ((flags & NSEventModifierFlagFunction) && (flags & NSEventModifierFlagCommand) && ([theEvent keyCode] == NSF2FunctionKey)) {
NSLog(@"Command + F2 key pressed.");
}
return result;
};
_eventMonitor = [NSEvent addLocalMonitorForEventsMatchingMask:(NSEventModifierFlagFunction | NSEventMaskKeyDown) handler:handler];
Post not yet marked as solved
I use scode 13 on my local machine and have downloaded xcframeworks and added them manually in my project. I pushed it on github and now when Someone else checks out my branch and have some other xcode version, these frameworks are not building and compilation error is coming for swift compiler. How can I fix it?
Post not yet marked as solved
we use xcrun xcodebuild in sh file to run builds on bamboo machines. recieving the error that swift packages are not supported in legacy build. How to use new build system using xcrun xcodebuild command
Post not yet marked as solved
I'm using a solution based on this :
https://stackoverflow.com/questions/26081543/how-to-tell-at-runtime-whether-an-ios-app-is-running-through-a-testflight-beta-i TLDR, checking if Bundle.main.appStoreReceiptURL?.lastPathComponent == "sandboxReceipt"
But this solution is returning true for isTestFlight even when I build the app in Debug.
Shweta-mittal19.