Hi, we're trying to setup a SSL connection over UDP between a client and a server on the Mac.
Therefor we're using the standard Security framework API. The SSL connection requires a client certificate, so that the server can verify the client. We've imported the CA certificate and private key in the keychain and then use`SecItemCopyMatching()` to retreive `SecItemRef` pointers to these keychain items. Then we create a `SSLCreateContext()` and use `SSLSetCertificate()` to set the CA and private key for the SSL context. Additionally we set the`kSSLSessionOptionBreakOnServerAuth` option to handle the server authentication ourselves (which is currently set to always pass). Of course, we also set up the context with a write/read function etc. After setting everything up, we start the handshake with the context `SSLHandshake(context)`. Then, after sending and receiving some data, we receive a `errSSLPeerAuthCompleted` error (for the server validation), which we process by simply calling `SSLHandshake(context)` again.
This is when things become weird. The handshake fails with `errSSLInternal`. So apparently during the client authentication something goes wrong internally and in the console app we see the following output:
default
14:15:58.370192 +0100
App
CSSM Exception: -2147416017 CSSMERR_CSP_ACL_ENTRY_TAG_NOT_FOUND
default
14:15:58.372311 +0100
App
CSSM Exception: -2147416017 CSSMERR_CSP_ACL_ENTRY_TAG_NOT_FOUND
default
14:15:58.374485 +0100
App
caught CssmError: -2147416017 CSSMERR_CSP_ACL_ENTRY_TAG_NOT_FOUND
default
14:15:58.377735 +0100
App
CSSM Exception: 32 CSSM_ERRCODE_OPERATION_AUTH_DENIED
default
14:15:58.380106 +0100
App
CSSM Exception: -2147416032 CSSMERR_CSP_OPERATION_AUTH_DENIED
We're unsure if this is related and we have no idea what this actually means. Do you guys maybe have any hints regarding this issue?
Thanks!