I'm following the approach in https://developer.apple.com/forums/thread/703234 section "Doing Even Better: Proper Security".
My question is: does it work if the accessory is not in the local network (i.e. out there on the Internet with an IP address)?
I tried, and SecTrustEvaluateWithError(trust, nil) returns true, but TLS still fails:
ATS failed system trust
Connection 1: system TLS Trust evaluation failed(-9802)
<snip>
Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?,
Here is my code:
var err = SecTrustSetPolicies(trust, SecPolicyCreateBasicX509())
os_log("SecTrustSetPolicies returns \(err)")
err = SecTrustSetAnchorCertificates(trust, [self.myCA] as NSArray)
os_log("SecTrustSetAnchorCertificates returns \(err)")
err = SecTrustSetAnchorCertificatesOnly(trust, true)
os_log("SecTrustSetAnchorCertificatesOnly returns \(err)")
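// check the trust object
let evalResult = SecTrustEvaluateWithError(trust, nil)
os_log("SecTrust eval result: \(evalResult)")
if evalResult {
    // create a credential with accepted server trust.
    let credential = URLCredential(trust: trust)
    completionHandler(.useCredential, credential)
} else {
    // evaluation against myCA failed: reject the challenge instead of accepting the trust object
    completionHandler(.cancelAuthenticationChallenge, nil)
}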
The logs are:
SecTrustSetPolicies returns 0
SecTrustSetAnchorCertificates returns 0
SecTrustSetAnchorCertificatesOnly returns 0
SecTrust eval result: true
Did I do anything wrong? Or is it not supported outside the local network?
Thanks.
Another question I have is: based on "NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?", can I opt to connect to the server anyway programmatically?