Post not yet marked as solved
Hello! I'm playing around with QUIC and Swift and using the Network framework. So far, the process has been really straightforward, but I noticed that I can't seem to get a handle on the stream with identifier 0.
If I use NWConnection directly, I only have access to the first stream, which has the stream ID 0. This is not what I want since I wanna use multiple streams. Following the documentation, I started using NWMultiplexGroup and starting a NWConnectionGroup with it.
Everything works fine and I can get all streams that my backend service opens using NWMultiplexGroup's newConnectionHandler property. However, whenever backend sends a message on stream_id 0, none of my connections receive it. Looking around with
connection.metadata(definition: NWProtocolQUIC.definition) as? NWProtocolQUIC.Metadata
for each connection, I see that all streams are accounted for except stream 0. Then, using the NWConnectionGroup variant of the above
connectionGroup.metadata(definition: NWProtocolQUIC.definition) as? NWProtocolQUIC.Metadata
I see that the connection group itself has Stream ID 0. However, calling setReceiveHandler does nothing (it's never called, even when backend is sending messages) and when I attempt to send a message using NWConnectionGroup's -send method, a new stream is opened (instead of it being sent on stream ID 0).
How can one get a handle on NWConnection for stream ID 0?
Post not yet marked as solved
Hi, wondering if iOS supports WebTransport (HTTP/3) yet?
If so, where can I find information on implementing it in my app?
Post not yet marked as solved
We are using iOS versions 17.4.1 and 17.5 (beta), and we are facing an issue with the local network permission in our app.
Success scenario steps:
1. Don't allow the local network permission in our app
2. Allow it manually in the app settings for local network permission (works only on the first install of the app)
3. We are able to call the API successfully
Error scenario steps:
1. Allow the local network permission popup when the app asks for permission
2. Call the API successfully
3. Uninstall the app, install the same app again and don't allow the local network permission
4. API call fails
5. Manually change the local network permission to allow in the app settings
6. The API call still fails even if we allow the local network permission
Conclusion: We are getting an API error when we re-install the app, both when the local network permission is not allowed and when we allow it. Looks like a caching issue.
Note: Even if we uninstall and install multiple times and allow the local network permission, from the 2nd time onward the API keeps on failing, but these scenarios work perfectly fine on iOS 16 and below. Even the existing app stopped working after updating iOS to version 17 and above.
Also, we found that when we uninstall the app, restart the device and install it back again, it works fine for the first time, as with a fresh install.
Additionally: We are not requesting the local network permission explicitly; when the API call is happening, this is the native popup coming from iOS.
Post not yet marked as solved
We've been using network framework for peer to peer connectivity since iOS 15. Since the introduction of iOS 17 we've been getting the following for our NWListener when attempting to establish a connection with any multipathServiceType enabled. We're not doing anything special here. On iOS 17.x devices (we've tested 17.1, 17.2, 17.4) we simply enable multipath services by adding the multipath capability and then setting multipathServiceType to .handover or .interactive on our NWParameters. The devices never connect when we try to establish an NWConnection. This works on all non-iOS 17.x devices.
This is reproducible using the Apple Peer-to-Peer NWConnection TicTacToe sample code.
Post not yet marked as solved
We have a relatively simple app that uses Network.framework, NWConnection, NWEndpoint to set up TCP connections with nearby devices also using the app. It's actually been working great for a while now but we've recently noticed with iOS 17.4/17.4.1 that we're spontaneously getting:
nw_proto_tcp_route_init [C6:3] no mtu received
Sometimes the [C6:3] will be [C7:3] or another similar code. We may also occasionally see No route to Host appear in our console logs though this isn't definite. After this point the connection is effectively lost but we don't actually receive any updates on our NWConnection stateUpdateHandler to action on. It's sort of dead in the water so to speak.
We've reproduced this issue with multiple devices on iOS 17.4.x and in multiple network settings (in office, cafe, home networks...etc). Nothing seems to make a difference. Any ideas on how to fix or workaround this?
I saw a similar issue here: https://developer.apple.com/forums/thread/669519 but the original author never followed up and it's around 3 years old. I've captured a sysdiagnose log and can submit an issue if it warrants filing a bug report.
Post not yet marked as solved
I spent 3 days sorting out an app that worked with net7.0 and Xcode 14.x.
Namely my Httpsclient requests to the API crashed the iOS after 6-9 cycles.
After re-coding with no luck, tracking the crash codes and recoding with no luck, I finally found a forum that articulates 15.3 and net8.0 is a no go. Downgrade to 15.2.
I did the downgrade and my original code worked just fine.
I read most of the posts on 15.3 and did not see this issue noted. Has anyone seen the same issue and if so found a work around?
Others have seen an HttpsClient issue with authentication with 2 suggestions but no workable solution in 15.3. They downgraded.
Post not yet marked as solved
Hello,
I'm looking for a way to detect using NWPathMonitor when the iOS device is connected to a router but not to the internet.
As an example a mobile router WiFi without SIM.
In settings I'm able to switch the connection to its WiFi, once connected a label below the SSID shows Not connected to the internet.
I would like to show the same thing to the user inside my app, but unfortunately I always get the satisfied answer.
Am I missing something in configuring NWPathMonitor or reading the answer?
final class InternetConnectionMonitor {
    lazy var internetConnectionStatusPublisher: AnyPublisher<InternetConnectionStatus, Never> = {
        _internetConnectionStatusSubject
            .compactMap{ $0 }
            .eraseToAnyPublisher()
    }()
    var lastInternetConnectionStatus: InternetConnectionStatus? {
        _internetConnectionStatusSubject.value
    }
    private let _internetConnectionStatusSubject = CurrentValueSubject<InternetConnectionStatus?, Never>(nil)
    private let pathMonitor = NWPathMonitor()
    private let pathMonitorQueue = DispatchQueue(label: "com.xxxxx-network-monitor", qos: .default)
    init() {
        startPathMonitoring()
    }
    private func startPathMonitoring() {
        pathMonitor.pathUpdateHandler = { [weak self] path in
            guard let self else { return }
            let networkStatus = InternetConnectionStatus(from: path)
            self._internetConnectionStatusSubject.send(networkStatus)
        }
        pathMonitor.start(queue: pathMonitorQueue)
    }
}
Post not yet marked as solved
I'm noticing a trend in 'foreign' home security products that they want a combination of QR code scanning and home router connections for 'Easy Setups'.
The iOS apps that have to be used with these products require the user to enter their home WiFi password directly into the app. Such apps also commonly request location data.
If unencrypted router passwords, and the Location data of the router are being captured and sent back to the manufacturer, this would be very very bad.
Of the few things I've put on the App Store, Apple went through my code with a fine tooth comb looking for things that went against their protocols and had to do multiple revisions to bring them in line. Although frustrating at the time, I was pleased to know this kind of screening happened.
I've heard Apple won't allow apps to do key logging/capture. Fantastic.
Is the handling of our home network credentials also heavily scrutinised before things are allowed on the Apple Store?
Post not yet marked as solved
Whenever I open a .unix socket (i.e.: /var/run/usbmuxd) I get the following errors in Xcode console:
nw_socket_set_common_sockopts [C13:1] setsockopt SO_NECP_CLIENTUUID failed [22: Invalid argument]
Type: Error | Timestamp: 2024-04-18 15:48:44.813556-04:00 | Process: TH Dev | Library: Network | Subsystem: com.apple.network | Category: connection | TID: 0x425e2
nw_socket_set_common_sockopts setsockopt SO_NECP_CLIENTUUID failed [22: Invalid argument]
Type: Error | Timestamp: 2024-04-18 15:48:44.813682-04:00 | Process: TH Dev | Library: Network | Subsystem: com.apple.network | Category: | TID: 0x425e2
nw_socket_copy_info [C13:1] getsockopt TCP_INFO failed [102: Operation not supported on socket]
Type: Error | Timestamp: 2024-04-18 15:48:44.814484-04:00 | Process: TH Dev | Library: Network | Subsystem: com.apple.network | Category: connection | TID: 0x425e2
nw_socket_copy_info getsockopt TCP_INFO failed [102: Operation not supported on socket]
Type: Error | Timestamp: 2024-04-18 15:48:44.814523-04:00 | Process: TH Dev | Library: Network | Subsystem: com.apple.network | Category: | TID: 0x425e2
While communication to/from the socket seems to work, the operations leading to these errors shouldn't be attempted if the socket doesn't support them.
Post not yet marked as solved
Like the post at https://forums.developer.apple.com/forums/thread/118035, I'm hitting an issue where I'm receiving:
boringssl_session_set_peer_verification_state_from_session(448) [C1.1.1.1:2][0x12b667210] Unable to extract cached certificates from the SSL_SESSION object
In my app logs. I tried to pin the SSL version to TLS 1.2 per Quinn's advice in that post, and then started digging further enabling CFNETWORK_DIAGNOSTICS=3 to see what was exposed on the Console.log (since it didn't show up in the Xcode console)
The related log lines:
0 debug boringssl 15:43:04.978874-0700 MeetingNotes boringssl_context_log_message(2206) [C5:2][0x11080a760] Reading SSL3_RT_HANDSHAKE 16 bytes
0 debug boringssl 15:43:04.979007-0700 MeetingNotes boringssl_context_log_message(2206) [C5:2][0x11080a760] Writing SSL3_RT_CHANGE_CIPHER_SPEC 1 bytes
0 debug boringssl 15:43:04.979141-0700 MeetingNotes boringssl_context_log_message(2206) [C5:2][0x11080a760] Writing SSL3_RT_HANDSHAKE 16 bytes
0 debug boringssl 15:43:04.979260-0700 MeetingNotes nw_protocol_boringssl_write_bytes(87) [C5:2][0x11080a760] write request: 51
0 debug boringssl 15:43:04.979387-0700 MeetingNotes nw_protocol_boringssl_write_bytes(158) [C5:2][0x11080a760] total bytes written: 51
921460 debug boringssl 15:43:09.937961-0700 MeetingNotes boringssl_context_log_message(2206) [C5:2][0x11080a760] Writing SSL3_RT_ALERT 2 bytes
0 error boringssl 15:43:04.979630-0700 MeetingNotes boringssl_session_set_peer_verification_state_from_session(448) [C5:2][0x11080a760] Unable to extract cached certificates from the SSL_SESSION object
Have a number of references to SSL3_RT in the messages, and I was curious if that indicated that I was using TLS1.3, which apparently doesn't support private shared keys.
The constraints that I used riffs on the sample code from the tic-tac-toe example project:
private static func tlsOptions(passcode: String) -> NWProtocolTLS.Options {
    let tlsOptions = NWProtocolTLS.Options()
    let authenticationKey = SymmetricKey(data: passcode.data(using: .utf8)!)
    let authenticationCode = HMAC<SHA256>.authenticationCode(
        for: "MeetingNotes".data(using: .utf8)!,
        using: authenticationKey
    )
    let authenticationDispatchData = authenticationCode.withUnsafeBytes {
        DispatchData(bytes: $0)
    }
    // Private Shared Key (https://datatracker.ietf.org/doc/html/rfc4279) is *not* supported in
    // TLS 1.3 [https://tools.ietf.org/html/rfc8446], so this pins the TLS options to use version 1.2:
    // @constant tls_protocol_version_TLSv12 TLS 1.2 [https://tools.ietf.org/html/rfc5246]
    sec_protocol_options_set_max_tls_protocol_version(tlsOptions.securityProtocolOptions, .TLSv12)
    sec_protocol_options_set_min_tls_protocol_version(tlsOptions.securityProtocolOptions, .TLSv12)
    sec_protocol_options_add_pre_shared_key(
        tlsOptions.securityProtocolOptions,
        authenticationDispatchData as __DispatchData,
        stringToDispatchData("MeetingNotes")! as __DispatchData
    )
    /* RFC 5487 - PSK with SHA-256/384 and AES GCM */
    // Forcing non-standard cipher suite value to UInt16 because for
    // whatever reason, it can get returned as UInt32 - such as in
    // GitHub actions CI.
    let ciphersuiteValue = UInt16(TLS_PSK_WITH_AES_128_GCM_SHA256)
    sec_protocol_options_append_tls_ciphersuite(
        tlsOptions.securityProtocolOptions,
        tls_ciphersuite_t(rawValue: ciphersuiteValue)!
    )
    return tlsOptions
}
Is there something I'm missing in setting up the proper constraints to request TLS version 1.2 with a private shared key to be used? And beyond that, any suggestions for debugging or narrowing down what might be failing?
Post not yet marked as solved
I want to get the network-name (domain-name) on my Mac machine. Where in the Settings does this domain name get configured? I refer to this page which talks about computer name and host name. I could find where my hostname is present (Settings->General->Sharing->local host name) but not anything related to the network-name (local domain).
I even tried to fetch this info using the Linux API getdomainname; the API call succeeded but it returns nothing.
#include <iostream>
#include <unistd.h>
#include <limits.h>
#include <cstring>
int main() {
    char domainname[255];
    // Get the domain name
    if (getdomainname(domainname, 255) != 0) {
        std::cout << "Error getting domain name" << std::endl;
        return 1;
    }
    std::cout << "Domain name: " << domainname << std::endl;
    return 0;
}
Output
Domain name:
I even came across Search-Domains, Does it have anything to do with the network-name (domain name of the machine)?
Post not yet marked as solved
I have a use-case where I want to use the FQDN (Fully Qualified Domain Name) on an iOS device, which can be used to connect to a device instead of using the IP address. The FQDN will consist of the machine-name or host-name (most common term) and the domain-name of the network, i.e. network-name (local domain assigned to that device). Which iOS API can be used here?
Post not yet marked as solved
Hello,
Our app has an internal job processing queue. All jobs are built as an NSOperation and involve a network request, and they are added to NSOperationQueue. When the app is closed while a request is being sent, the app sometimes crashes, but it also keeps crashing whenever we build the operation again and retry it. This happens rarely, but we can systematically reproduce it after a few tries with many jobs.
This issue blocks the queue in our app. I understand if this is an issue deep within the framework, but it would be very useful to at least find a way to work around this issue so the queue can continue processing other jobs.
The full crash report is attached. I also submitted a bug report: FB13734737
There seems to be an internal assertion fired in CFNetwork:
Assertion failed: (CFReadStreamGetStatus(_stream.get()) == kCFStreamStatusNotOpen) function _onqueue_setupStream_block_invoke file HTTPRequestBody.cpp line 878.
Crashed: com.apple.NSURLConnectionLoader
0 libsystem_kernel.dylib 0xa974 __pthread_kill + 8
1 libsystem_pthread.dylib 0x60ec pthread_kill + 268
2 libsystem_c.dylib 0x75b80 abort + 180
3 libsystem_c.dylib 0x74e70 err + 282
4 CFNetwork 0x1f73b8 CFHTTPCookieStorageUnscheduleFromRunLoop + 278252
5 libdispatch.dylib 0x3dd4 _dispatch_client_callout + 20
6 libdispatch.dylib 0x786c _dispatch_block_invoke_direct + 288
7 CFNetwork 0x259ab0 estimatedPropertyListSize + 33724
8 CoreFoundation 0x24b34 CFArrayApplyFunction + 72
9 CFNetwork 0x2599a0 estimatedPropertyListSize + 33452
10 CFNetwork 0x25c084 estimatedPropertyListSize + 43408
11 CoreFoundation 0x3762c __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 28
12 CoreFoundation 0x368a8 __CFRunLoopDoSource0 + 176
13 CoreFoundation 0x35058 __CFRunLoopDoSources0 + 244
14 CoreFoundation 0x33d88 __CFRunLoopRun + 828
15 CoreFoundation 0x33968 CFRunLoopRunSpecific + 608
16 CFNetwork 0x25ac48 estimatedPropertyListSize + 38228
17 Foundation 0x9ca9c __NSThread__start__ + 732
18 libsystem_pthread.dylib 0x2a90 _pthread_start + 136
19 libsystem_pthread.dylib 0x1fcc thread_start + 8
This is how we build the operation:
-(NSOperation*)operationForRequest:(Job*)job
{
    NSURL *url = [NSURL URLWithString:job.url];
    NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:url];
    [request setValue:@"application/json, application/xml, text/plain" forHTTPHeaderField:@"Accept"];
    [request setValue:@"application/json" forHTTPHeaderField:@"Content-Type"];
    [request setValue:@"no-cache" forHTTPHeaderField:@"Cache-Control"];
    [request setValue:[NSString stringWithFormat:@"Bearer %@", [self getToken]] forHTTPHeaderField:@"Authorization"];
    [request setHTTPMethod:job.method];
    NSData *bodyData = [job.payload dataUsingEncoding:NSUTF8StringEncoding];
    [request setHTTPBody:bodyData];
    return [[NetworkOperation alloc] initWithRequest:request uuid:job.jobId completionHandler:^(NSString* jobId, NSData *data, NSURLResponse *response, NSError *error) {
        dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_BACKGROUND, 0), ^{
            @autoreleasepool {
                RLMRealm *realm = [RLMRealm defaultRealm];
                Job *opJob = [Job objectInRealm:realm forPrimaryKey:jobId];
                [self processJobResponse:opJob response:response data:data error:error realm:realm];
            }
        });
    }];
}
This is how the NetworkOperation executes the request:
- (void)main {
    NSURLSession *session = [NSURLSession sharedSession];
    NSURLSessionTask *task = [session dataTaskWithRequest:self.request completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {
        if (self.networkOperationCompletionBlock) {
            self.networkOperationCompletionBlock(self.uuid, data, response, error);
            self.networkOperationCompletionBlock = nil;
        }
        [self completeOperation];
    }];
    [task resume];
    self.task = task;
}
crashlog3.crash
Post not yet marked as solved
Hello, I was referring to the post - https://developer.apple.com/forums/thread/663769 to determine if my app has been granted access to Local Network or not. I am starting an NWConnection for a local network address and checking if the currentPath?.unsatisfiedReason == .localNetworkDenied. This is not working as expected.
Even when I accept the local network permission prompt, I still get the unsatisfied reason as .localNetworkDenied. I have also tried turning off/on the permission toggle from the settings app. I have also checked this with the 2nd method in the above post about using pathUpdateHandler and getting the same results. I am using an iOS 17.4.1 device.
Is this method reliable? Is there some other method/api that I can use to check for local network access in my app?
Post not yet marked as solved
Hi all,
My application needs to create a WebSocket server in an iOS application so that other devices can connect and transfer data with my application.
I used the Vapor library to create a socket server and it works well when the application is in the foreground.
I am trying to keep the server alive when my app moves to the background or the suspended state so that my app and other devices can continue to communicate with each other.
Are there any ways to achieve that?
I tried to turn on a mode: "Audio, Airplay, and Picture in Picture" in the background modes section in Signing & Capabilities, and then my application can still communicate with clients when it is in background mode.
But my application is an application where the user can edit an image and send it to other devices through sockets, and it does not have audio, AirPlay, etc. features.
Is it ok to publish the app to the app store in the future?
Thank you!
Post not yet marked as solved
After numerous trials and errors, we finally succeeded in implementing VR180.
However, there is a problem.
Videos played via a URL (Internet) connection experience significant lag. Initially, I thought it was a bitrate issue.
But after various tests, I began to suspect that the problem might be with the internet connection processing itself.
I tested the same video through both file opening (set up as a network drive) and URL (AWS) connections. Since AWS provides stable speeds, I concluded there is no issue there.
The video files are 8K. The bitrate is between 80-90 Mbps. The conditions for decoding and implementing 8K are the same. Also, when I mirrored the video, there was significant lag. Both AFP and URL use the same wireless conditions. I assume the conditions for implementing 8K are the same. When mirroring, the AFP connection had no lag at all.
Could it be that VisionOS's URL (Internet connection) is causing a high system load? I noticed that an app called AmazeVR allows videos to be downloaded before playing. Could this be because of the URL issue?
If anyone knows, please respond.
Post not yet marked as solved
Hello,
I have an app that receives critical alarms. This is usually done through remote push notifications from the server, but to add redundancy I'd like to add a MQTT connection as well. There are scenarios where internet connection might be missing (but there is a local WiFi connection to the server) hence I'd like to deliver the alarms directly from server to client without going out via the Internet.
The problem is that according to all restrictions on iOS, the MQTT connection will not be maintained in the background and disconnect occurs within 20-30 sec after going in the background and shutting the screen.
I'm aware of all the background modes that iOS allows but none fall within this scenario.
Is there a way to maintain a MQTT connection (or some other type of network connection) in the background on iOS?
Issue
When using the nio-ssh library to execute ssh commands in a daemonized context (built executable launched using launchctl with a config in /Library/LaunchDaemons) a ChannelError (operationUnsupported) is thrown.
I'm unsure if this is a problem just with nio-ssh or nio in general. Could it be that certain network operations aren't permitted from within a daemon?
Any information/help on this matter is greatly appreciated!
Related issue in the nio-ssh repository: https://github.com/apple/swift-nio-ssh/issues/166
Unfortunately there are no specific tags for these libraries (nio, nio-ssh) or for daemons, so I have used the Network tag instead.
Reproduction
Reproduction can be found here: https://github.com/eliaSchenker/nio-ssh-daemon-issue/tree/main
To run the reproduction follow these steps:
Build using Xcode (Product > Build)
Find the executable in the build folder (Product > Show Build Folder in Finder)
Move the executable to /Library/PrivilegedHelperTools
Create a daemon configuration in /Library/LaunchDaemons/nio-ssh-daemon.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>nio-ssh-daemon</string>
    <key>ProgramArguments</key>
    <array>
        <string>/Library/PrivilegedHelperTools/nio-ssh-daemon</string>
        <string>username:password@host</string>
        <string>ls -la</string>
    </array>
    <key>KeepAlive</key>
    <true/>
    <key>ProcessType</key>
    <string>Interactive</string>
    <key>StandardOutPath</key>
    <string>/Library/Logs/nio-ssh-daemon.out.log</string>
    <key>StandardErrorPath</key>
    <string>/Library/Logs/nio-ssh-daemon.err.log</string>
</dict>
</plist>
making sure to adjust the program arguments to include a host with username and password.
Load the daemon using
sudo launchctl load nio-ssh-daemon.plist
When opening Console.app, navigating to Log Reports and opening nio-ssh-daemon.out.log the logged error will be shown:
Creating bootstrap
Connecting channel
Creating child channel
Waiting for connection to close
Error in pipeline: operationUnsupported
An error occurred: commandExecFailed
If the executable is run manually without a daemon it will work correctly:
./nio.ssh-daemon username:password@host
The reproduction is a copy of the example in the repository (https://github.com/apple/swift-nio-ssh/tree/main/Sources/NIOSSHClient) with slight modifications to log errors instead of using try!.
I'm following the approach in https://developer.apple.com/forums/thread/703234 section "Doing Even Better: Proper Security".
My question is: does it work if the accessory is not in the local network (i.e. out there on the Internet with an IP address)?
I tried and: SecTrustEvaluateWithError(trust, nil) returns true, but TLS still fails:
ATS failed system trust
Connection 1: system TLS Trust evaluation failed(-9802)
<snip>
Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?,
Here is my code :
var err = SecTrustSetPolicies(trust, SecPolicyCreateBasicX509())
os_log("SecTrustSetPolicies returns \(err)")
err = SecTrustSetAnchorCertificates(trust, [self.myCA] as NSArray)
os_log("SecTrustSetAnchorCertificates returns \(err)")
err = SecTrustSetAnchorCertificatesOnly(trust, true)
os_log("SecTrustSetAnchorCertificatesOnly returns \(err)")
// check the trust object
let evalResult = SecTrustEvaluateWithError(trust, nil)
os_log("SecTrust eval result: \(evalResult)")
// create a credential with accepted server trust.
let credential = URLCredential(trust: trust)
completionHandler(.useCredential, credential)
the logs are:
SecTrustSetPolicies returns 0
SecTrustSetAnchorCertificates returns 0
SecTrustSetAnchorCertificatesOnly returns 0
SecTrust eval result: true
Did I do anything wrong? Or is it not supported outside the local network?
Thanks.
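Added example, not the poster's code and not Apple's sample: the same server-trust override written so that it fails closed (the challenge is cancelled unless evaluation succeeds) and keeps hostname verification by using an SSL policy instead of the basic X.509 policy. `PinnedCADelegate` and `caDER` are hypothetical names, and it assumes the server certificate carries a subject alternative name matching the host the app connects to.

```swift
import Foundation
import Security

/// Fail-closed server trust handling against a single private CA.
/// `PinnedCADelegate` and `caDER` are hypothetical names for this example.
final class PinnedCADelegate: NSObject, URLSessionDelegate {
    private let anchor: SecCertificate

    /// - Parameter caDER: DER-encoded CA certificate shipped with the app (assumption).
    init?(caDER: Data) {
        // Returns nil if the bytes are not a valid DER certificate.
        guard let cert = SecCertificateCreateWithData(nil, caDER as CFData) else {
            return nil
        }
        anchor = cert
        super.init()
    }

    /// Returns true only if the chain validates to the pinned CA for `host`.
    func evaluate(_ trust: SecTrust, host: String) -> Bool {
        // An SSL policy with a server name keeps hostname verification,
        // which SecPolicyCreateBasicX509() does not perform.
        let policy = SecPolicyCreateSSL(true, host as CFString)

        // Any setup failure is treated as "do not trust".
        guard SecTrustSetPolicies(trust, policy) == errSecSuccess,
              SecTrustSetAnchorCertificates(trust, [anchor] as CFArray) == errSecSuccess,
              SecTrustSetAnchorCertificatesOnly(trust, true) == errSecSuccess else {
            return false
        }

        var error: CFError?
        let trusted = SecTrustEvaluateWithError(trust, &error)
        if !trusted {
            NSLog("Trust evaluation failed for %@: %@", host, String(describing: error))
        }
        return trusted
    }

    func urlSession(_ session: URLSession,
                    didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
        // Only server-trust challenges are handled here; everything else
        // goes through the system's default handling.
        guard challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust,
              let trust = challenge.protectionSpace.serverTrust else {
            completionHandler(.performDefaultHandling, nil)
            return
        }

        if evaluate(trust, host: challenge.protectionSpace.host) {
            completionHandler(.useCredential, URLCredential(trust: trust))
        } else {
            // Never hand back a credential for a chain that failed evaluation.
            completionHandler(.cancelAuthenticationChallenge, nil)
        }
    }
}
```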
Post not yet marked as solved
I am trying to set up a secure local websocket server on a mac using swift. I think I am able to get a non-secure server running (still untested). But I am unable to find any documentation that points to how to set up a secure connection (say uses TLS 1.2) if I have an ssl cert, an intermediate cert (both pem files) and the private key for that cert.
Any insight would be great.
Any code samples that show setting up a local secure websocket server that makes use of certificates and private keys would be even better.