Playgrounds with custom Root Certification?

Question

Anybody know if it's possible to get Playgrounds (and, I'm guessing, Live Previews) to enable full trust got a root certificate, like we can do in the Simulator?

My company's experimenting with a new security platform that involves installing a root certificate. So, any https requests we're making in that render in Xcode are failing.

The root cert's already in Keychain and available for general use on Mac.

1.3k

Posted by

jablair

Reply

Add a Comment

Answer 1

This type of testing it usually done on a real device to produce the best results. Is there a specific need to do this from a Playground that I am overlooking here?

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com

Posted by

meaton

Add a Comment

Answer 2

I'm talking about things like loading an image or a JSON file from a remote resource. So, quickly prototyping an idea or running a Live Preview for a SwiftUI view. The sort of logic we'd eventually move to the app for integration but want to quickly validate without the overhead of being in a full app.

Posted by

jablair

Add a Comment

Answer 3

Okay, thank you for confirming. Are you doing this from a Playground on iOS or macOS? The reason I am asking is because you mentioned that Root Certificate is already installed and available in the Keychain for use on the Mac and I just want to verify because I 'd expect this to work if the Playground was run on macOS.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com

Posted by

meaton

Add a Comment

Answer 4

I'm running the Playground on the Mac. It's an UIKit playground. The same thing happens if I run the the request as part of a SwiftUI Live Preview in Xcode for an iOS app.

If I run the same code in a macOS/AppKit Playground, it apparently picks cert from the Keychain and executes successfully.

I'm not doing anything fancy with the URL request for this example.

Code Block swift        let url = URL(string: "https://twitter.com/slashkevin/status/1285945904835559426")!
        let task = URLSession.shared.dataTask(with: url) { data, response, error in
            if let error = error {
                print(error)
            }
            if let response = response {
                print(response)
            }
        }
        task.resume()

Posted by

jablair

Add a Comment

Answer 5

It's odd that when running on macOS that you are not able to access items in the Keychain if they are trusted. I think you should get this down in a bug report down here for this. Please follow up on this thread with the Feedback ID.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com

Posted by

meaton

Add a Comment

Answer 6

Thanks, filed. FB8135652

Posted by

jablair

Add a Comment

Answer 7

Thank you for opening the bug report. I found it internally and copied myself on it for further updates. I see your bug has a reference to DTK Seed. Is this only reproducible on the DTK?

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com

Posted by

meaton

Add a Comment

Answer 8

Sorry, I missed your question on this Matt.

No, it's not at all related to the DTK. I don't know where that would've come from, I'm not running the DTK hardware.

Posted by

jablair

Add a Comment

Answer 9

This is 2023, FYI this problem is yet to be solved. As of the time of this comment, I am currently using Xcode 14.3

Posted by

Macmartinz

Add a Comment

Answer 10

My understanding of this issue in that it affects folks who:

Are on macOS
Have created an iOS playground

Does that match your situation?

If so, the simplest workaround is to create a macOS playground. That’ll use the macOS networking stack, and should honour the root that you added to macOS. Will that work for you?

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Posted by

eskimo

Add a Comment

Playgrounds with custom Root Certification?

Replies