Is it possible to bypass new iOS 13 TLS policies?

Hi, is there any way to work around the new iOS 13 TLS policies checking for TLS server cert validity of 825 days and so on? Can we override the TLS validation using Secure Transport to manually trust such a certificate of longer validity than this limit, and others such as the SAN requirement (I think SAN we can override using SecPolicyCreateSSL())? Thanks.

Replies

My answer depends on what level you’re working at:

  • Based on your other thread, it sounds like you’re working in a managed environment. In that case you’ll probably want to avoid customising TLS server trust evaluation at the API level, but rather customise it using MDM. I don’t know if there’s an MDM option for this. We’re usually pretty good about providing such options — for example, you can customise certificate transparency enforcement using the com.apple.security.certificatetransparency payload — but these facilities are supported by Apple Support, not DTS.

  • At an API level, most of the APIs that use TLS provide some way to customise TLS server trust evaluation, and such mechanisms usually let you disable TLS server trust evaluation completely, so clearly this is possible. However, it’s certainly not a good idea, as I explained in my response on your other thread.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"
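As an added illustration of the API-level hook mentioned in the reply (example code, not from the thread or from Apple), here is a URLSession delegate that customises server trust evaluation without disabling it: the system policy, including the iOS 13 validity and SAN rules, still runs first, and a leaf-certificate pin then narrows what is accepted. The host name and the SHA-256 value are placeholders.

```swift
import Foundation
import Security
import CryptoKit   // iOS 13+, used only for the SHA-256 of the leaf DER

final class PinnedSessionDelegate: NSObject, URLSessionDelegate {
    // Placeholders: assumed host and the hex SHA-256 of its leaf cert's DER.
    private let pinnedHost = "intranet.example.com"
    private let expectedLeafSHA256 = "<sha256-of-leaf-der-placeholder>"

    func urlSession(_ session: URLSession,
                    didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition,
                                                  URLCredential?) -> Void) {
        let space = challenge.protectionSpace
        guard space.authenticationMethod == NSURLAuthenticationMethodServerTrust,
              space.host == pinnedHost,
              let trust = space.serverTrust else {
            // Anything else (other hosts, other challenge types): system default.
            completionHandler(.performDefaultHandling, nil)
            return
        }

        // Step 1: run the full system evaluation. This is where the iOS 13
        // requirements (825-day validity, SAN, and so on) are enforced; the
        // resulting error is logged so operators can see *why* a cert failed.
        var error: CFError?
        guard SecTrustEvaluateWithError(trust, &error) else {
            NSLog("TLS trust evaluation failed for %@: %@",
                  space.host, String(describing: error))
            completionHandler(.cancelAuthenticationChallenge, nil)
            return
        }

        // Step 2: additionally require the leaf to be the one we expect.
        // This only ever rejects more, never accepts a cert the system refused.
        guard let leaf = SecTrustGetCertificateAtIndex(trust, 0) else {
            completionHandler(.cancelAuthenticationChallenge, nil)
            return
        }
        let der = SecCertificateCopyData(leaf) as Data
        let hex = SHA256.hash(data: der).map { String(format: "%02x", $0) }.joined()
        guard hex == expectedLeafSHA256 else {
            NSLog("Leaf certificate pin mismatch for %@", space.host)
            completionHandler(.cancelAuthenticationChallenge, nil)
            return
        }
        completionHandler(.useCredential, URLCredential(trust: trust))
    }
}
```

Install it with `URLSession(configuration: .default, delegate: PinnedSessionDelegate(), delegateQueue: nil)`; a certificate that violates the iOS 13 rules is still rejected at step 1, which is the behaviour the reply recommends keeping.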