Symbol sec_protocol_metadata_get_negotiated_tls_ciphersuite missing from iOS 12 simulator runtimes

Question

Created Jan ’20

Replies 1

Boosts 0

Participants 1

:I rewrote our app to use the new Network framework for TLS communication. We need to support both iOS 13 and iOS 12.4. I am using the function:

sec_protocol_metadata_get_negotiated_tls_ciphersuite(sec_protocol_metadata_t metadata);

to report what type of TLS connection was formed. This function is documented both in the header files and in the online Apple documentation to be available in iOS 12.0+. And yet with the latest XCode (11.3.1) the simulator runtimes for iOS 12 (all of them: 12.0, 12.1, 12.2, and 12.4) do not have this symbol in the runtime library. I get this error reported in the XCode console when my program attempts to use that API:

dyld: lazy symbol binding failed: Symbol not found: _sec_protocol_metadata_get_negotiated_tls_ciphersuite

Referenced from: /Users/derek/Library/Developer/CoreSimulator/Devices/42B90B8A-BF22-40FE-970B-C78E1DD27B6A/data/Containers/Bundle/Application/A22AF4B2-9AD8-4325-B8D5-D8086A0DF7BD/touch.app/touch

Expected in: /Library/Developer/CoreSimulator/Profiles/Runtimes/iOS 12.4.simruntime/Contents/Resources/RuntimeRoot/System/Library/Frameworks/Security.framework/Security

dyld: Symbol not found: _sec_protocol_metadata_get_negotiated_tls_ciphersuite

Referenced from: /Users/derek/Library/Developer/CoreSimulator/Devices/42B90B8A-BF22-40FE-970B-C78E1DD27B6A/data/Containers/Bundle/Application/A22AF4B2-9AD8-4325-B8D5-D8086A0DF7BD/touch.app/touch

Expected in: /Library/Developer/CoreSimulator/Profiles/Runtimes/iOS 12.4.simruntime/Contents/Resources/RuntimeRoot/System/Library/Frameworks/Security.framework/Security

I also searched the symbol names in the simulator dynamic library for the Security framework and did indeed discover that they appear to be missing both of the tls metadata functions. Here are the symbols in the iOS 12.4 Security dynamic library starting with "sec_protocol_metadata_get_negot":

nm '/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS 12.4.simruntime/Contents/Resources/RuntimeRoot/System/Library/Frameworks/Security.framework/Security' | grep sec_protocol_metadata_get_negot

000000000003079f t ___sec_protocol_metadata_get_negotiated_ciphersuite_block_invoke

00000000000303ae t ___sec_protocol_metadata_get_negotiated_protocol_block_invoke

00000000000306f0 t ___sec_protocol_metadata_get_negotiated_protocol_version_block_invoke

000000000003070f T _sec_protocol_metadata_get_negotiated_ciphersuite

0000000000030325 T _sec_protocol_metadata_get_negotiated_protocol

0000000000030663 T _sec_protocol_metadata_get_negotiated_protocol_version

Here is the same list for the iOS 13.2 Security dynamic library:

nm /Applications/Xcode.app//Contents/Developer/Platforms/iPhoneOS.platform/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS.simruntime/Contents/Resources/RuntimeRoot/System/Library/Frameworks/Security.framework/Security | grep sec_protocol_metadata_get_negot

0000000000021d68 t ___sec_protocol_metadata_get_negotiated_protocol_block_invoke

00000000000225d3 t ___sec_protocol_metadata_get_negotiated_protocol_version_block_invoke

0000000000022682 t ___sec_protocol_metadata_get_negotiated_tls_ciphersuite_block_invoke

0000000000022506 t ___sec_protocol_metadata_get_negotiated_tls_protocol_version_block_invoke

00000000000226a3 T _sec_protocol_metadata_get_negotiated_ciphersuite

0000000000021cdf T _sec_protocol_metadata_get_negotiated_protocol

0000000000022546 T _sec_protocol_metadata_get_negotiated_protocol_version

00000000000225f2 T _sec_protocol_metadata_get_negotiated_tls_ciphersuite

0000000000022478 T _sec_protocol_metadata_get_negotiated_tls_protocol_version

Note the two TLS related ones at the end that are in the 13.2 library, but not the 12.4 library.

My app runs fine with the iOS 13 simulated runtime.

Is this a bug in the simulator?

Or is this a documentation bug?

Most importantly is this function supported on a real iPhone with iOS 12.4?

Boost

Answer 1

dney OP

Jan ’20

I answered my own question about whether this is an issue with actual devices: it is. Got an iOS 12.4 iPhone and tried out my app. It crashes in the same way. I ended up having to work-around this problem by checking the iOS version at run-time and skipping making this call if the iOS version is less than 13. Fortunately for me this call is not critical to functionality -- more of a debugging thing.

However this does point out a lack of testing on Apple's part. They need some automated tests before iOS release to ensure that the actually exported symbols in a framework match the declared information in the header files for the framework. In this case there is a mismatch that is pretty serious as it will cause app crashes when an API that does not exist is called by an app. And I doubt that most app developers test on ALL versions of iOS that they actual "support". Presumably if Apple is not testing this, an accident could cause an API to disappear in a micro iOS update. Maybe they already noticed this and now test all iOS 13 releases in this way -- let's hope so.

0