Hi,
I would like to ask one question in regards to HTTP status code 403 request with client certificate authentication challenge.
So, I was implementing a solution that requires mutusl TLS which will set the delegate responded to the client identity authentication challenge, and experienced the issue when the request fails with 403, the iOS SDK returns the error NSURLErrorClientCertificateRequired rather than the error that was actually returned from the server side.
I found the thread in the forum that explains the exactly the same issue, but would like to clarify few more things here.
From my experiment, what I found is that this behaviour only happens for the first 5 or 10 minutes of NSURLSession's session.
For example, I will get the NSURLErrorClientCertificateRequired only for the first five or ten minutes, and after that, I am receiving the expected error message from the server side.
This reminds me of TLS caching issue back in iOS 9 or below with NSURLConnection and NSURLSession (which resolves by re-contructing NSURLSession object); however, in this case, it is not simple to reconstruct the NSURLSession object based on the response from the server side.
Was this officially reported or known to Apple as a bug? or is this kind of expected behaviour? Is there any official statement from Apple acknowledging this issue (like known-issues)? Can you help me direct to places where I can find this information, if any?
Thanks,