cloudflare / quiche

🥧 Savoury implementation of the QUIC transport protocol and HTTP/3
https://docs.quic.tech/quiche/
BSD 2-Clause "Simplified" License

OPENSSL_internal:CERTIFICATE_VERIFY_FAILED Error on http3 connection on ios platform #1542

Open nathanejohnson opened 1 year ago

nathanejohnson commented 1 year ago

I have created a small test program that exports a method via FFI, and I call this from Swift using a bridging header. The server side is based on quic-go, and a command-line app that calls this same code works fine. Running the Swift -> FFI code works fine as well on Mac and the iOS simulator, but it fails on an actual iPad device (tried various iOS versions: 16.5, 15.3.1, 13.5.1), and it fails similarly on all.

Here is a copy of the console logs from the iOS app:

quiche_logs_ios.txt

Here is a copy of a successful run from my Mac against the same server:

quiche_logs_mac.txt

I can get it to work from iOS if I set verify_peer to false, though obviously this is not ideal. I have tried with quiche 0.17.2 as well as HEAD of master, with bundled BoringSSL as well as vendored. Kind of out of ideas on where to look on this.

Thanks in advance.

nathanejohnson commented 1 year ago

Follow-up: tentatively, this seems to be caused by not loading a root cert bundle on iOS. As a workaround, I can call load_verify_locations_from_file and hand it a CA bundle, which I can include with my Swift package; however, it is really not obvious from the logs that no system root cert bundle was found. At minimum, I think logging should be improved and documentation should address this, but I think I have a workaround for now. If I find a better solution I might do a PR. The most surprising part is that cert validation works in the iOS simulator.
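The workaround above depends on the app shipping its own CA bundle, and the complaint is that a missing root store only shows up later as CERTIFICATE_VERIFY_FAILED. The following is an added example, not code from quiche or from the issue author: a std-only Rust pre-flight check that refuses to proceed, with an explicit message naming the file, when the bundled CA file is unreadable or contains no PEM certificate blocks. The path it returns is what you would then hand to quiche's `Config::load_verify_locations_from_file` (that call itself is not included here). The file name `quiche_example_roots.pem`, the comment line and the PEM body are constructed placeholders, not a real certificate.

```rust
// Added example (not quiche's code): pre-flight check for a bundled CA file
// before it is passed to quiche, so that a missing or empty root store fails
// loudly at startup instead of surfacing as a generic verify failure during
// the TLS handshake.
use std::fs;
use std::path::Path;

const BEGIN: &str = "-----BEGIN CERTIFICATE-----";
const END: &str = "-----END CERTIFICATE-----";

/// Count well-formed PEM certificate blocks: each BEGIN marker must be followed
/// by an END marker with a non-empty base64 body between them. A dangling BEGIN
/// or an empty body is not counted.
pub fn count_pem_certificates(pem: &str) -> usize {
    let mut count = 0;
    let mut rest = pem;
    while let Some(start) = rest.find(BEGIN) {
        let after_begin = &rest[start + BEGIN.len()..];
        match after_begin.find(END) {
            Some(end) => {
                let body: String = after_begin[..end]
                    .chars()
                    .filter(|c| !c.is_whitespace())
                    .collect();
                let looks_base64 = body
                    .bytes()
                    .all(|b| b.is_ascii_alphanumeric() || b == b'+' || b == b'/' || b == b'=');
                if !body.is_empty() && looks_base64 {
                    count += 1;
                }
                rest = &after_begin[end + END.len()..];
            }
            None => break,
        }
    }
    count
}

/// Check that `path` is readable and holds at least one PEM certificate.
/// Returns the certificate count, or an error message that names the path so
/// the cause is visible in the app's logs.
pub fn check_ca_bundle(path: &Path) -> Result<usize, String> {
    let contents = fs::read_to_string(path)
        .map_err(|e| format!("CA bundle {} unreadable: {}", path.display(), e))?;
    match count_pem_certificates(&contents) {
        0 => Err(format!(
            "CA bundle {} contains no PEM certificates; peer verification would fail",
            path.display()
        )),
        n => Ok(n),
    }
}

// Constructed sample: a syntactically valid PEM container with a placeholder
// body, plus a second block with an empty body that must be ignored.
pub const SAMPLE_BUNDLE: &str = "\
# constructed comment line, as real bundles sometimes carry
-----BEGIN CERTIFICATE-----
MIIBszCCAVmgAwIBAgIUPLACEHOLDER
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
";

fn main() {
    let dir = std::env::temp_dir();
    let bundle = dir.join("quiche_example_roots.pem");
    fs::write(&bundle, SAMPLE_BUNDLE).expect("write sample bundle");
    match check_ca_bundle(&bundle) {
        Ok(n) => println!(
            "{} holds {} certificate(s); safe to pass to Config::load_verify_locations_from_file",
            bundle.display(),
            n
        ),
        Err(e) => eprintln!("{}", e),
    }
    // Missing file: the error names the path rather than a bare verify failure.
    if let Err(e) = check_ca_bundle(&dir.join("quiche_example_missing.pem")) {
        eprintln!("{}", e);
    }
}
```

Run this once at app startup, before building the quiche config; on iOS this is the point where the absence of a system root store otherwise goes unnoticed.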