I'm using SecPKCS12Import to import certificates from a p12 file. The code below is how I'm using the function to retrieve the data. It works fine on iOS 10 and 9 but when I run our app on iOS 10.2 it doesn't seem to pull all the certificates needed from the p12 file. I'm using Swift 2.2 and the certificates are not self-signed.
let mainBundle = NSBundle.mainBundle()
let thePath = mainBundle.pathForResource(fileName, ofType: "p12")!
let PKCS12Data: NSData = NSData(contentsOfFile: thePath)!
var items: CFArray?
let optionDict: NSMutableDictionary = [kSecImportExportPassphrase as NSString: "password"]
let sanityCheck = SecPKCS12Import(PKCS12Data, optionDict, &items)
This is what I get on iOS 9 and 10
java<cert(0x7f95e2e256d0) s: ingclient-qa.faps.net i: Network Solutions DV Server CA 2>
<cert(0x7f95e480ee00) s: Network Solutions DV Server CA 2 i: USERTrust RSA Certification Authority>
<cert(0x7f95e480f800) s: USERTrust RSA Certification Authority i: AddTrust External CA Root>
<cert(0x7f95e4830c00) s: AddTrust External CA Root i: AddTrust External CA Root>
This is what I get on iOS 10.2
java<cert(0x7ff62b707ed0) s: ingclient-qa.faps.net i: Network Solutions DV Server CA 2>
<cert(0x7ff62d039c00) s: Network Solutions DV Server CA 2 i: USERTrust RSA Certification Authority>
<cert(0x7ff62d03a600) s: USERTrust RSA Certification Authority i: USERTrust RSA Certification Authority>
If you look at the last certificate on iOS 10.2 example you'll see that s: is set to USERTrust RSA Certification Authority as well as i: but on iOS 9 you can see that i: is set to AddTrust External CA Root. Is there something that I'm doing wrong here?