Post

Replies

Boosts

Views

Activity

Reply to SSL Error 1200 when using domain name, but IP works fine
Ok, so I'm seeing "MissingIntermediate(leaf)" only when using the domain URL. This is the failure case when using the domain in the url: default 09:59:21.541985-0600 XCtests-Dummy-Host Connection 3: enabling TLS default 09:59:21.542007-0600 XCtests-Dummy-Host Connection 3: starting, TC(0x0) default 09:59:21.542031-0600 XCtests-Dummy-Host [C3 2B3E4133-E9E7-4AE3-A31B-56C90388F49F test.iwins.kyrio.com:9443 tcp, url hash: 153e2ccd, tls, context: com.apple.CFNetwork.NSURLSession.{91028BB7-8613-4AB0-9E60-9B7553A0DC92}{(null)}{Y}{2}, proc: BEEF2622-1A02-341A-A97E-9F77BBB13DBE] start default 09:59:21.542071-0600 XCtests-Dummy-Host [C3 test.iwins.kyrio.com:9443 initial path ((null))] event: path:start @0.000s default 09:59:21.542335-0600 XCtests-Dummy-Host [C3 test.iwins.kyrio.com:9443 waiting path (satisfied (Path is satisfied), interface: en5)] event: path:satisfied @0.000s, uuid: AF5E4168-4F47-4B99-A484-4A081223C92F default 09:59:21.542639-0600 XCtests-Dummy-Host [C3 test.iwins.kyrio.com:9443 in_progress resolver (satisfied (Path is satisfied), interface: en5)] event: resolver:start_dns @0.000s default 09:59:21.542685-0600 XCtests-Dummy-Host nw_connection_report_state_with_handler_on_nw_queue [C3] reporting state preparing default 09:59:21.543358-0600 XCtests-Dummy-Host Task C39EAD13-8E45-4227-896A-586B12BA7969.1 setting up Connection 3 default 09:59:21.544702-0600 XCtests-Dummy-Host [C3 test.iwins.kyrio.com:9443 in_progress resolver (satisfied (Path is satisfied), interface: en5)] event: resolver:receive_dns @0.002s default 09:59:21.544841-0600 XCtests-Dummy-Host [C3.1 18.210.100.18:9443 initial path ((null))] event: path:start @0.002s default 09:59:21.545171-0600 XCtests-Dummy-Host [C3.1 18.210.100.18:9443 waiting path (satisfied (Path is satisfied), interface: en5)] event: path:satisfied @0.003s, uuid: E3CD1BD5-256A-4E6E-9E1E-A29F976ACEAD default 09:59:21.545947-0600 XCtests-Dummy-Host [C3.1 18.210.100.18:9443 in_progress socket-flow (satisfied (Path is satisfied), interface: en5)] event: flow:start_connect @0.003s default 09:59:21.583422-0600 XCtests-Dummy-Host [C3 test.iwins.kyrio.com:9443 in_progress resolver (satisfied (Path is satisfied), interface: en5)] event: resolver:receive_dns @0.041s default 09:59:21.598275-0600 runningboardd Invalidating assertion 42771-30114-20288 (target:[applicationcom.cablelabs.XCtests-Dummy-Host:30114]) from originator [applicationcom.cablelabs.XCtests-Dummy-Host:30114] default 09:59:21.614116-0600 XCtests-Dummy-Host nw_socket_handle_socket_event [C3.1:3] Socket received CONNECTED event default 09:59:21.614617-0600 XCtests-Dummy-Host nw_flow_connected [C3.1 18.210.100.18:9443 in_progress socket-flow (satisfied (Path is satisfied), interface: en5)] Transport protocol connected default 09:59:21.615010-0600 XCtests-Dummy-Host [C3.1 18.210.100.18:9443 in_progress socket-flow (satisfied (Path is satisfied), interface: en5)] event: flow:finish_transport @0.072s default 09:59:21.615104-0600 XCtests-Dummy-Host [C3 test.iwins.kyrio.com:9443 in_progress resolver (satisfied (Path is satisfied), interface: en5)] event: flow:finish_transport @0.073s default 09:59:21.615765-0600 XCtests-Dummy-Host boringssl_session_apply_protocol_options_for_transport_block_invoke(1689) [C3.1:2][0x7fd994007720] TLS configured [min_version(0x0303) max_version(0x0304) name(test.iwins.kyrio.com) tickets(false) false_start(false) enforce_ev(false) enforce_ats(false)] default 09:59:21.615888-0600 XCtests-Dummy-Host boringssl_context_info_handler(1821) [C3.1:2][0x7fd994007720] Client handshake started default 09:59:21.616031-0600 XCtests-Dummy-Host boringssl_context_info_handler(1836) [C3.1:2][0x7fd994007720] Client handshake state: TLS client enter_early_data default 09:59:21.616127-0600 XCtests-Dummy-Host boringssl_context_info_handler(1836) [C3.1:2][0x7fd994007720] Client handshake state: TLS client read_server_hello default 09:59:21.687233-0600 XCtests-Dummy-Host boringssl_context_info_handler(1836) [C3.1:2][0x7fd994007720] Client handshake state: TLS 1.3 client read_hello_retry_request default 09:59:21.687321-0600 XCtests-Dummy-Host boringssl_context_info_handler(1836) [C3.1:2][0x7fd994007720] Client handshake state: TLS 1.3 client read_server_hello default 09:59:21.687553-0600 XCtests-Dummy-Host boringssl_context_info_handler(1836) [C3.1:2][0x7fd994007720] Client handshake state: TLS 1.3 client read_encrypted_extensions default 09:59:21.687627-0600 XCtests-Dummy-Host boringssl_context_info_handler(1836) [C3.1:2][0x7fd994007720] Client handshake state: TLS 1.3 client read_certificate_request default 09:59:21.687697-0600 XCtests-Dummy-Host boringssl_context_info_handler(1836) [C3.1:2][0x7fd994007720] Client handshake state: TLS 1.3 client read_server_certificate default 09:59:21.687946-0600 XCtests-Dummy-Host boringssl_context_info_handler(1836) [C3.1:2][0x7fd994007720] Client handshake state: TLS 1.3 client read_server_certificate_verify default 09:59:21.688132-0600 XCtests-Dummy-Host boringssl_context_evaluate_trust_async(1510) [C3.1:2][0x7fd994007720] Performing external trust evaluation default 09:59:21.688226-0600 XCtests-Dummy-Host boringssl_context_evaluate_trust_async_external(1495) [C3.1:2][0x7fd994007720] Asyncing for external verify block default 09:59:21.688361-0600 XCtests-Dummy-Host Connection 3: asked to evaluate TLS Trust default 09:59:21.688733-0600 XCtests-Dummy-Host TLS Challenge: method to authenticate is: NSURLAuthenticationMethodServerTrust default 09:59:21.688935-0600 XCtests-Dummy-Host testing server default 09:59:21.689085-0600 XCtests-Dummy-Host container_create_or_lookup_app_group_path_by_app_group_identifier: success default 09:59:21.697484-0600 runningboardd Attempting to rename power assertion 33826 for target applicationcom.cablelabs.XCtests-Dummy-Host to applicationcom.cablelabs.XCtests-Dummy-Host42771-42897-20285:Developer testing(BackgroundUI) default 09:59:21.697494-0600 runningboardd Calculated state for applicationcom.cablelabs.XCtests-Dummy-Host: running-active (role: UserInteractiveNonFocal) default 09:59:21.699529-0600 XCtests-Dummy-Host Task C39EAD13-8E45-4227-896A-586B12BA7969.1 auth completion disp=0 cred=0x600001c182e0 default 09:59:21.703618-0600 trustd cert[1]: MissingIntermediate =(leaf)[force] 0 default 09:59:21.704066-0600 XCtests-Dummy-Host Trust evaluate failure: [root MissingIntermediate] default 09:59:21.704113-0600 XCtests-Dummy-Host System Trust Evaluation yielded status(-9802)
May ’21
Reply to SSL Error 1200 when using domain name, but IP works fine
And this is the success case when using the IP in the url. Everything else is the same, code & cert-wise. default 09:49:16.792469-0600 XCtests-Dummy-Host Connection 4: asked to evaluate TLS Trust default 09:49:16.792756-0600 XCtests-Dummy-Host TLS Challenge: method to authenticate is: NSURLAuthenticationMethodServerTrust default 09:49:16.792927-0600 XCtests-Dummy-Host testing server default 09:49:16.801076-0600 XCtests-Dummy-Host Connection 4: TLS Trust result 0 default 09:49:16.801112-0600 XCtests-Dummy-Host boringssl_context_evaluate_trust_async_external_block_invoke_3(1451) [C4:2][0x7fac4b00f2f0] Returning from external verify block with result: true default 09:49:16.801148-0600 XCtests-Dummy-Host boringssl_context_certificate_verify_callback(1609) [C4:2][0x7fac4b00f2f0] Certificate verification result: OK default 09:49:16.801326-0600 XCtests-Dummy-Host boringssl_context_info_handler(1836) [C4:2][0x7fac4b00f2f0] Client handshake state: TLS 1.3 client read_server_finished default 09:49:16.801398-0600 XCtests-Dummy-Host boringssl_context_info_handler(1836) [C4:2][0x7fac4b00f2f0] Client handshake state: TLS 1.3 client send_end_of_early_data default 09:49:16.801429-0600 XCtests-Dummy-Host boringssl_context_info_handler(1836) [C4:2][0x7fac4b00f2f0] Client handshake state: TLS 1.3 client send_client_certificate default 09:49:16.801503-0600 XCtests-Dummy-Host boringssl_context_certificate_request_callback(1562) [C4:2][0x7fac4b00f2f0] Asyncing for challenge block default 09:49:16.801589-0600 XCtests-Dummy-Host boringssl_context_certificate_request_callback(1562) [C4:2][0x7fac4b00f2f0] Asyncing for challenge block default 09:49:16.801708-0600 XCtests-Dummy-Host Connection 4: asked for TLS Client Certificates
May ’21
Reply to Can't deploy to iPhone (not available, please reconnect the device)
Under Window->Devices and Simulators->(your device) you'll probably see a bunch of warnings: Domain: com.apple.dtdevicekit Code: 601 Recovery Suggestion: To run on this device, please update to a version of Xcode that supports iOS 14.2. You can download Xcode from the Mac App Store or the Apple Developer website. I installed the latest Xcode (12.2) - twice (4 hours) - the first time failed because Xcode was still open, and somehow could not resume. But now it is all working again. At least it didn't force me to upgrade to Big Sur first! I'll bet Xcode 13 will though - beware.
Nov ’20
Reply to Where did Keychain Access Groups entitlements go
I also cannot find the keychain access groups entitlement on the website. I am trying to build the SimpleTunnel example (Network Extensions). I have gone through the usual steps of creating a new appID/bundle identifier and creating a new provisioning certificate. Also creating a new app group, etc. I am down to one last error on the FilterDataProvider, FilterControlProvider and the AppProxy targets. Each has the same error: "Provisioning profile "Simple Tunnel" doesn't match the entitlements file's value for the keychain-access-groups entitlement." In the Developer Portal, I cannot find anywhere to enable this entitlement, either in the AppID section or the Profile section.
Oct ’20