I don’t know. In situations like this I usually look up the details in the iOS Security document (you can find a link to it in the Security Resources pinned post), but it doesn’t cover this specifically. I encourage you to file a bug against that doc to cover this issue.
Please post your bug number, just for the record.
One option here is to download the certificate chain from the server and then write a tiny test program that does trust evaluation on it. If that trust evaluation fails, it’s unlikely that the AVFoundation HTTPS client is going to work.
So:
1. Download the certificates from the server and save them in DER format.
2. Create certificate objects from that data (SecCertificateCreateWithData). If things fail at this point, that’s a clear indication that these certificates aren’t supported.
3. Create a trust object from those certificates (SecTrustCreateWithCertificates). Start with a basic X.509 policy (SecPolicyCreateBasicX509), which is the most forgiving.
4. Evaluate trust on that (SecTrustEvaluate).
5. Look at the resulting trust result and, if necessary, the result of SecTrustCopyProperties and SecTrustCopyResult.
Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
let myEmail = "eskimo" + "1" + "@apple.com"
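The test program described in the steps above, sketched as a command-line Swift file. This is an added example, not part of the original post and not Apple's code; it assumes the server's certificates are already saved as DER files and passed as arguments, leaf first, and the tool name `trusttest` is hypothetical.

```swift
import Foundation
import Security

// Assumed invocation: trusttest leaf.der [intermediate.der ...]
let paths = Array(CommandLine.arguments.dropFirst())
guard !paths.isEmpty else {
    print("usage: trusttest leaf.der [intermediate.der ...]")
    exit(2)
}

// Create certificate objects from the DER data.
var certificates: [SecCertificate] = []
for path in paths {
    guard let data = FileManager.default.contents(atPath: path) else {
        print("\(path): cannot read file")
        exit(1)
    }
    // A nil result means the data could not be parsed as a DER X.509 certificate.
    guard let certificate = SecCertificateCreateWithData(nil, data as CFData) else {
        print("\(path): SecCertificateCreateWithData failed")
        exit(1)
    }
    certificates.append(certificate)
}

// Create a trust object using the basic X.509 policy (no hostname check).
var trustOrNil: SecTrust?
let createStatus = SecTrustCreateWithCertificates(certificates as CFArray,
                                                  SecPolicyCreateBasicX509(),
                                                  &trustOrNil)
guard createStatus == errSecSuccess, let trust = trustOrNil else {
    print("SecTrustCreateWithCertificates failed: \(createStatus)")
    exit(1)
}

// Evaluate trust. SecTrustEvaluate is deprecated on newer SDKs but still available.
var result = SecTrustResultType.invalid
let evaluateStatus = SecTrustEvaluate(trust, &result)
guard evaluateStatus == errSecSuccess else {
    print("SecTrustEvaluate failed: \(evaluateStatus)")
    exit(1)
}

// .unspecified and .proceed are the two results that mean the chain is trusted.
let trusted = (result == .unspecified || result == .proceed)
print("trust result: \(result.rawValue) (\(trusted ? "trusted" : "not trusted"))")
if !trusted {
    // Per-certificate failure details and the overall result dictionary.
    print("properties: \(String(describing: SecTrustCopyProperties(trust)))")
    print("result: \(String(describing: SecTrustCopyResult(trust)))")
}
exit(trusted ? 0 : 1)
```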