1 Reply
      Latest reply: Feb 16, 2017 1:09 AM by eskimo RSS
      Jc.1stPay Level 1 Level 1 (0 points)

        I'm using SecPKCS12Import to import certificates from a p12 file. The code below is how I'm using the function to retrieve the data.  It works fine on iOS 10 and 9 but when I run our app on iOS 10.2 it doesn't seem to pull all the certificates needed from the p12 file.  I'm using Swift 2.2 and the certificates are not self-signed.

         

         

        
        let mainBundle = NSBundle.mainBundle()
        let thePath = mainBundle.pathForResource(fileName, ofType: "p12")!
        
        let PKCS12Data: NSData = NSData(contentsOfFile: thePath)!
        
        var items: CFArray?
        let optionDict: NSMutableDictionary = [kSecImportExportPassphrase as NSString: "password"]
        let sanityCheck = SecPKCS12Import(PKCS12Data, optionDict, &items)
        
        

         

        This is what I get on iOS 9 and 10

        java

        <cert(0x7f95e2e256d0) s: ingclient-qa.faps.net i: Network Solutions DV Server CA 2>

        <cert(0x7f95e480ee00) s: Network Solutions DV Server CA 2 i: USERTrust RSA Certification Authority>

        <cert(0x7f95e480f800) s: USERTrust RSA Certification Authority i: AddTrust External CA Root>

        <cert(0x7f95e4830c00) s: AddTrust External CA Root i: AddTrust External CA Root>

         

        This is what I get on iOS 10.2

        java

        <cert(0x7ff62b707ed0) s: ingclient-qa.faps.net i: Network Solutions DV Server CA 2>

        <cert(0x7ff62d039c00) s: Network Solutions DV Server CA 2 i: USERTrust RSA Certification Authority>

        <cert(0x7ff62d03a600) s: USERTrust RSA Certification Authority i: USERTrust RSA Certification Authority>

         

        If you look at the last certificate on iOS 10.2 example you'll see that s: is set to USERTrust RSA Certification Authority as well as i: but on iOS 9 you can see that i: is set to AddTrust External CA Root.  Is there something that I'm doing wrong here?

        • Re: SecPKCS12Import not importing all certificates on iOS 10.2
          eskimo Apple Staff Apple Staff (5,995 points)

          How is this log output generated?  You don’t show the logging in your code snippet, which leaves me kinda confused as to how the two connect.

          Can you post an example .p12 that exhibits the changed behaviour?  Either put it on a file sharing site and post the URL (that’ll take moderator approval, but I can sort that out) or post a hex dump.

          Share and Enjoy

          Quinn “The Eskimo!”
          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
          let myEmail = "eskimo" + "1" + "@apple.com"