I apologise for being a bit wishy-washy here; I have limited direct experience with certificate transparency (CT). If you want definitive answers, open a DTS tech support incident so that I can allocate time to research this properly.
I believe that modern versions of iOS will do a CT evaluation for every TLS connection, and will fail the connection if CT indicates a problem. You don’t need to set
NSRequiresCertificateTransparencyto get that. Rather,
NSRequiresCertificateTransparencytells the system to require CT, that is, fail your request if CT can’t be done at all.
Also, you may be able to get more info about the CT state by overriding HTTPS server trust evaluation and looking at the
kSecTrustCertificateTransparencyproperty of the trust result.
Share and Enjoy
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
let myEmail = "eskimo" + "1" + "@apple.com"