Open djones6 opened 5 years ago
I've pushed the debugging I've done up to this point to this branch: https://github.com/IBM-Swift/SwiftyRequest/compare/clientCertFixes
I was planning to use a service hosted on badssl.com that allows you to download a client certificate (https://badssl.com/download/) and then supply it for verification at https://client.badssl.com/
Support for client certificate authentication (2-way SSL) was supposedly introduced in #33, but I believe it is broken. There is a test for this, but the test does not access an endpoint that requests a client certificate.
There are obvious errors in the code which mean it won't work. For example: https://github.com/IBM-Swift/SwiftyRequest/blob/master/Sources/SwiftyRequest/RestRequest.swift#L930
At first glance this looks reasonable, but
NSData(base64Encoded:)
tries to base64decode a String, it does not read from a file. This will fail, because it's being provided a file path and not its contents.Also, if it were given the content of the file, there is no file format that you could straight decode as base64 - as I understand it, raw DER is binary data, and PEM is base64-encoded DER plus some human-readable headers. We'd need to remove those headers to decode the data. I'm not convinced that the code within this block has ever been executed, however it looks convincing (speaking as someone who doesn't understand it), so it may have come from somewhere authoritative, and may work if the problems above are addressed.