Thanks for your quick response, Quinn.
It sounds like you’re trying to implement some sort of STARTTLS mechanism, right?
I think it's correct. At first, we connect via the TCP protocol; after that we will use TLS to make it secure.
I have tried to use Security to get the SSL context by using SSLCreateContext, but it is deprecated in macOS 13.0.
Do you have any clue how to apply this protocol in NWConnection?
Hi Quinn, sorry for my late reply and this is my update.
I tried with the code below and received the same error in the question.
I am afraid I can't pass .tls to NWConnection for connection because the host address does not have https or wss at the beginning and the sec_protocol_options_set_verify_block callback wasn't triggered.
I tried putting https or wss at the beginning of the host but unfortunately, it couldn't connect.
    import Foundation
    import Network
    import Security

    class ViewModel {
        var connection: NWConnection?

        func connect() {
            let connection = NWConnection(host: "XX.X.***.XX", port: 1515, using: createTLSParameters(allowInsecure: true, queue: .main))
            self.connection = connection
            connection.stateUpdateHandler = { newState in
                print("newState \(newState)")
            }
            connection.start(queue: .main)
        }

        func createTLSParameters(allowInsecure: Bool, queue: DispatchQueue) -> NWParameters {
            let tlsOptions = NWProtocolTLS.Options()
            sec_protocol_options_set_verify_block(tlsOptions.securityProtocolOptions, { (sec_protocol_metadata, sec_trust, sec_protocol_verify_complete) in
                let trust = sec_trust_copy_ref(sec_trust).takeRetainedValue()
                var error: CFError?
                if SecTrustEvaluateWithError(trust, &error) {
                    sec_protocol_verify_complete(true)
                } else {
                    // With allowInsecure set, a failed trust evaluation is still accepted.
                    if allowInsecure == true {
                        sec_protocol_verify_complete(true)
                    } else {
                        sec_protocol_verify_complete(false)
                    }
                }
            }, queue)
            return NWParameters(tls: tlsOptions)
        }
    }

    let viewModel = ViewModel()
    viewModel.connect()
I did some research and I think my issue might be similar to this question in this link.
That question was posted 4 years ago, so do you have any updates on that issue, and can we switch from TCP to TLS now?
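The verify block in the post above completes with true whenever allowInsecure is set, so every certificate is accepted. The following is an added example, not code from the poster or from Apple, of a verify block that fails closed and trusts only a pinned CA; the function name makePinnedTLSParameters and the parameters pinnedCADER and expectedName are assumptions made for illustration.

```swift
import Foundation
import Network
import Security

// Hypothetical helper (not from the thread): TLS parameters whose verify block
// trusts only one pinned CA certificate instead of accepting failed evaluations.
// Assumptions: `pinnedCADER` holds the CA certificate in DER form and
// `expectedName` is the name the server certificate was issued for.
func makePinnedTLSParameters(pinnedCADER: Data,
                             expectedName: String,
                             queue: DispatchQueue) -> NWParameters? {
    guard let anchor = SecCertificateCreateWithData(nil, pinnedCADER as CFData) else {
        return nil  // the data is not a valid DER certificate
    }
    let tlsOptions = NWProtocolTLS.Options()
    sec_protocol_options_set_verify_block(tlsOptions.securityProtocolOptions, { _, secTrust, complete in
        let trust = sec_trust_copy_ref(secTrust).takeRetainedValue()
        // Evaluate the chain as a TLS server certificate for the expected name.
        let policy = SecPolicyCreateSSL(true, expectedName as CFString)
        // Restrict the trust anchors to the pinned CA only.
        guard SecTrustSetPolicies(trust, policy) == errSecSuccess,
              SecTrustSetAnchorCertificates(trust, [anchor] as CFArray) == errSecSuccess,
              SecTrustSetAnchorCertificatesOnly(trust, true) == errSecSuccess else {
            complete(false)
            return
        }
        var error: CFError?
        let trusted = SecTrustEvaluateWithError(trust, &error)
        if !trusted {
            // Log the reason so a rejected handshake can be diagnosed.
            print("TLS trust evaluation failed: \(String(describing: error))")
        }
        complete(trusted)  // fail closed: never override a failed evaluation
    }, queue)
    return NWParameters(tls: tlsOptions)
}
```

The returned parameters are passed to NWConnection in place of the result of createTLSParameters(allowInsecure:queue:); a nil return means the pinned certificate data could not be parsed.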
Thanks for your response!
Is that right?
Yes, that's right.
Is the protocol in step 2 something custom? Or something defined by an Internet standard?
In step 2, the client just waits for a response from the server and checks that the response contains "START<>" to start the TLS protocol.
Could we get sec_trust from the server for verification by using this function sec_protocol_options_set_verify_block(tlsOptions.securityProtocolOptions, { (sec_protocol_metadata, sec_trust, sec_protocol_verify_complete) ?
Thanks for your response!
I tried using AEDeterminePermissionToAutomateTarget but got no response on Xcode Version 15.2 (15C500b) and macOS 13.5.
I think my app has a similar issue to this thread https://developer.apple.com/forums/thread/666528.
I would like to check permission before running AppleScript from my app, so I use my Bundle.main.bundleIdentifier in the determinePermission() function.
Here is my code; the check() and request() functions do not return anything:
    import Cocoa

    protocol AppAccess {
        typealias Status = AppAccessStatus
        func check() -> Status
        func request() -> Status
    }

    enum AppAccessStatus {
        case granted, denied, requiresConsent, notRunning, unknown(Int)
    }

    class AppAccessImpl: AppAccess {
        // Query the current permission without prompting the user.
        func check() -> Status {
            guard #available(OSX 10.14, *) else {
                return .granted
            }
            return determinePermission(ask: false)
        }

        // Query the permission and allow the system to prompt for consent.
        func request() -> Status {
            guard #available(OSX 10.14, *) else {
                return .granted
            }
            return determinePermission(ask: true)
        }

        @available(OSX 10.14, *)
        private func determinePermission(ask: Bool) -> Status {
            let errAEEventWouldRequireUserConsent = OSStatus(-1744)
            // The target descriptor is built from this app's own bundle identifier.
            if var addressDesc = NSAppleEventDescriptor(bundleIdentifier: Bundle.main.bundleIdentifier ?? "").aeDesc?.pointee {
                let appleScriptPermission = AEDeterminePermissionToAutomateTarget(&addressDesc, typeWildCard, typeWildCard, ask)
                AEDisposeDesc(&addressDesc)
                switch appleScriptPermission {
                case noErr: return .granted
                case OSStatus(errAEEventNotPermitted): return .denied
                case errAEEventWouldRequireUserConsent: return .requiresConsent
                case OSStatus(procNotFound):
                    return .notRunning
                default: return .unknown(Int(appleScriptPermission))
                }
            }
            return .unknown(-999)
        }
    }
Can you help take a look? Thanks a lot!