Post

Replies

Boosts

Views

Activity

What is the reason for NSURLSession Trust evaluation fail
Hi All: Our use NSURLSession dataTaskWithRequest to connect our https server, However, in one macOS, sometimes, we encounter these error when TLS handshake. default 2024-06-24 17:52:03.054447 +0900 test-app boringssl_context_info_handler(2069) [C1209.1.1:2][0x7f9067117b10] Client handshake state: TLS client read_server_certificate info 2024-06-24 17:52:03.054462 +0900 test-app boringssl_session_handshake_incomplete(97) [C1209.1.1:2][0x7f9067117b10] Handshake incomplete: waiting for data to read [2] info 2024-06-24 17:52:03.054552 +0900 test-app boringssl_session_handshake_incomplete(97) [C1209.1.1:2][0x7f9067117b10] Handshake incomplete: waiting for data to read [2] info 2024-06-24 17:52:03.054557 +0900 test-app boringssl_session_handshake_incomplete(97) [C1209.1.1:2][0x7f9067117b10] Handshake incomplete: waiting for data to read [2] info 2024-06-24 17:52:03.054590 +0900 test-app boringssl_session_handshake_incomplete(97) [C1209.1.1:2][0x7f9067117b10] Handshake incomplete: waiting for data to read [2] default 2024-06-24 17:52:03.054769 +0900 test-app boringssl_context_info_handler(2069) [C1209.1.1:2][0x7f9067117b10] Client handshake state: TLS client read_certificate_status default 2024-06-24 17:52:03.054773 +0900 test-app boringssl_context_info_handler(2069) [C1209.1.1:2][0x7f9067117b10] Client handshake state: TLS client verify_server_certificate default 2024-06-24 17:52:03.055123 +0900 test-app boringssl_context_evaluate_trust_async(1635) [C1209.1.1:2][0x7f9067117b10] Performing external trust evaluation default 2024-06-24 17:52:03.055308 +0900 test-app boringssl_context_evaluate_trust_async_external(1620) [C1209.1.1:2][0x7f9067117b10] Asyncing for external verify block info 2024-06-24 17:52:03.055316 +0900 test-app boringssl_session_handshake_incomplete(97) [C1209.1.1:2][0x7f9067117b10] Handshake incomplete: certificate evaluation result pending [16] default 2024-06-24 17:52:03.055466 +0900 test-app Connection 1209: asked to evaluate TLS Trust default 2024-06-24 17:52:03.056082 +0900 test-app Task <407E11A6-12E8-4818-82B4-BC5B4909130F>.<1405> auth completion disp=1 cred=0x0 default 2024-06-24 17:52:03.064388 +0900 test-app Trust evaluate failure: [leaf SSLHostname TemporalValidity] default 2024-06-24 17:52:03.064390 +0900 test-app System Trust Evaluation yielded status(-9802) error 2024-06-24 17:52:03.064392 +0900 test-app ATS failed system trust error 2024-06-24 17:52:03.064393 +0900 test-app Connection 1209: system TLS Trust evaluation failed(-9802) default 2024-06-24 17:52:03.064393 +0900 test-app Connection 1209: TLS Trust result -9802 error 2024-06-24 17:52:03.064395 +0900 test-app Connection 1209: TLS Trust encountered error 3:-9802 error 2024-06-24 17:52:03.064397 +0900 test-app Connection 1209: encountered error(3:-9802) default 2024-06-24 17:52:03.064400 +0900 test-app Connection 1209: cleaning up default 2024-06-24 17:52:03.064404 +0900 test-app Connection 1209: summary for unused connection {protocol="(null)", domain_lookup_duration_ms=0, connect_duration_ms=0, secure_connection_duration_ms=0, private_relay=false, idle_duration_ms=0} default 2024-06-24 17:52:03.064438 +0900 test-app [C1209 63DEF1F8-AC5F-4285-B32B-D3AE707C513A Hostname#229f20b3:443 tcp, url hash: 693c58e9, tls, definite, attribution: developer] cancel I found TLS Trust evaluation failed(-9802) this error. I checked server's certificate, it is ok. On this macOS, this issue happens sometimes, not always. Thanks for your feedback.
1
0
463
Jul ’24
Observe NSDistributedNotification in launch daemon process
I have used [[NSDistributedNotificationCenter defaultCenter] addObserver in process AA to listen notification from other process BB, It works fine. But when make the observer process AA as a launch daemon (which is started by launchd), It found below difference. If run process BB as root privilege, AA can not receive notification posted by BB. If make process BB as a launch daemon, AA can receive notification posted by BB. What was happened in above difference, It can not find any document about this, Thanks.
3
0
654
Apr ’24
Why dlopen failed on some macOS
Hi All: I use dlopen to load a dylib on macOS, It woks fine. Recently, I received one customer report bug, After checked the log, I found that dlopen failed on customer's environment(macOS 13.5.2 22G91) as below load xxxx failed: dlopen(/***/yyy/zzz.dylib, 0x0001): tried: '/***/yyy/zzz.dylib' (no such file), '/System/Volumes/Preboot/Cryptexes/OS/***/yyy/zzz.dylib' (no such file), '/***/yyy/zzz.dylib' (no such file) I use full file path to dlopen dylib, and the file is located at there I checked dylib signature, notarization, dependency frameworks, all are valid I got copy and replace customer's dylib into myself environment, It woks fine Customer tried several mac computers, others do not have this problem I am confused about this issue and do not know how to investigate further. Any comments is appreciated.
5
0
1.5k
Oct ’23
Xcodebuild test fail when trigger from jenkins.
Hi. I have use xcodebuild to do some UT testing. It works fine. xcodebuild test -workspace "zzz" -scheme "aaa" -destination "platform=macOS,arch=x86_64" -only-testing "***" -resultBundlePath "yyy" But when I trigger this command from jenkins. It will output below errors, I do not how to fix this issue, Please give some suggestions. Thanks. Underlying Error: Couldn’t communicate with a helper application. Try your operation again. If that fails, quit and relaunch the application and try again. The connection to service on pid 0 named com.apple.testmanagerd.control was invalidated.)) PS. I found this link https://stackoverflow.com/questions/67688130/run-macos-test-cases-on-the-jenkins-pipeline, our jenkins build is already use JNLP authentication. but still have this problem.
1
0
1.7k
Jan ’22
Why security transform failed
Hi. I am following apple document (https://developer.apple.com/library/archive/documentation/Security/Conceptual/SecTransformPG/EncryptionandDecryption/EncryptionandDecryption.html#//apple_ref/doc/uid/TP40010801-CH3-SW1) to implement the encrypt/decrypt with public/private key on macOS. when I add below to set padding SecTransformSetAttribute( &#9;&#9;&#9;&#9;&#9;&#9;&#9;&#9;&#9;&#9;&#9;&#9;&#9;&#9; encrypt, &#9;&#9;&#9;&#9;&#9;&#9;&#9;&#9;&#9;&#9;&#9;&#9;&#9;&#9; kSecPaddingKey, &#9;&#9;&#9;&#9;&#9;&#9;&#9;&#9;&#9;&#9;&#9;&#9;&#9;&#9; kSecPaddingPKCS7Key, &#9;&#9;&#9;&#9;&#9;&#9;&#9;&#9;&#9;&#9;&#9;&#9;&#9;&#9; &amp;error); &#9;&#9;if (error) { CFShow(error); exit(-1); } The SecTransformExecute will fail as below. Error Domain=NSOSStatusErrorDomain Code=-2147415748 "The operation couldn’t be completed. (OSStatus error -2147415748 - CSSMERRCSPINVALIDATTRPADDING)" UserInfo=0x6080002750c0 {NSDescription=CSSMERRCSPINVALIDATTRPADDING} Please give some suggestion about this. Thanks.
3
0
579
Aug ’20
NEVPNProtocolIKEv2 identity on MacOS
Hi All: I have implemented a personal VPN on macos. I use NEVPNProtocolIKEv2 to configure IKEv2 protocol. When I set parameter, I am a bit confused with Apple developer documents.As below shown, I set authentication method to certificate, and passed p12 certificate data and password.ikev2.authenticationMethod = NEVPNIKEAuthenticationMethodCertificate; ikev2.identityData = [NSData dataWithContentsOfFile:certificatePath]; ikev2.identityDataPassword = password;However, from Apple documents.In macOS, this property is ignored for NEVPNProtocolIKEv2 and NETunnelProviderProtocol objects. On iOS, this property is ignored for NETunnelProviderProtocol objects. In cases where this property is ignored, the identity should be set using the identityReference property.Even I do not set identityReference, I found I can still connect successful with remote VPN server on MacOS 10.14.6 and MacOS 10.15.3.I have also tried to set all (identityData, identityDataPassword, identityReference) value, It still can connect to server. so what is the meaning document here, should it correct or not?Even current code is work, I think use identityReference is still suggested. Please give your suggestions. Thanks.
2
0
947
Apr ’20