User Profile

Posts

Posts

Post marked as solved
12 Replies
Replied In iOS 13 Mail app not working with Global Proxy
Thanks! That was the source of trouble (described here: https://developer.apple.com/documentation/ios_ipados_release_notes/ios_13_release_notes#3319760)I managed to share my local PAC over http using `python -m SimpleHTTPServer`. Then just reconfigured PAC path as `http://localhost/local_proxy.pac`. (I need this to use mitmproxy)
Post not yet marked as solved
8 Replies
Replied In iOS 13 - SecTrustEvaluate fails with kSecTrustResultRecoverableTrustFailure
Although your certificate has "Common Name", it probably has no "Subject Alternative Name" extension. It turns out that using "Common Name" as host name was deprecated a long time ago.> If a subjectAltName extension of type dNSName is present, that MUST> be used as the identity. Otherwise, the (most specific) Common Name> field in the Subject field of the certificate MUST be used. Although> the use of the Common Name is existing practice, it is deprecated and> Certification Authorities are encouraged to use the dNSName instead.> -- https://tools.ietf.org/html/rfc6125Google already added SAN requirement in Chrome browser in 2017. Looks like iOS 13 now requires "Subject Alternative Name" in order for the certificate to be valid. iOS 12 still uses "Common Name" in case of "Subject Alternative Name" being absent.