Our software communicates with devices on local network that have self signed certificates that our software can independently verify. However there doesn't seem to be a way to get this working with ATS, as canAuthenticateAgainstProtectionSpace and didReceiveAuthenticationChallenge are never called.
Correct. If the server is in a domain with ATS enabled, the connection will fail before these delegate callbacks are issued.
We have no other options than using self signed certificates for the devices so right now the only option is to disable ATS completely. Is there anything else we can do?
If you always connect to the device via its .local name, you can disable ATS for just that domain. That’s better than disabling ATS entirely.
Alternatively, if the server can be in any domain, you could disable ATS entirely and then re-enable it for specific domains of interest to your app.
There is not, alas, a way to disable ATS for something like ‘local IP addresses’. This has been discussed in depth in another DevForums thread.
Share and Enjoy
—
Quinn "The Eskimo!"
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
let myEmail = "eskimo" + "1" + "@apple.com"