Closed aj-dt closed 1 year ago
Several additional changes made on subsequent commits:

- `[NSURLSession new]` in the tests with `[NSURLSession sessionWithConfiguration]`
- `@available()` with a dlsym-based approach for determining when to choose `SecTrustCopyCertificateChain` over `SecTrustGetCertificateAtIndex` at runtime. The problem here was that `@available` is not handled well by older compilers when the platform version is higher than the max-version known by that compiler, which was the case for an `@available` targeting iOS 15 and Xcode 12.5.1.
- `@available` statements.

Fixes deprecation warnings for
The deprecation warnings are fixed by delegating the same tasks to new functions in `pinning_utils.m`, which use `if (@available(...))` to call the correct functions based on platform version, e.g. `SecTrustCopyPublicKey` on iOS < 14 and `SecTrustCopyKey` on iOS >= 14.

The replacements for `SecTrustCopyPublicKey` and `SecTrustGetCertificateAtIndex` are straightforward.

The replacement for `SecTrustEvaluate` is more subtle, because `SecTrustEvaluate` and its replacement `SecTrustEvaluateWithError` behave differently: `SecTrustEvaluate` will return success even when the certificate is not trusted (e.g. for `trustResult = kSecTrustResultRecoverableTrustFailure`). But `SecTrustEvaluateWithError` will return failure when the certificate is not trusted (e.g. for `kSecTrustResultRecoverableTrustFailure`). This means that beyond just replacing `SecTrustEvaluate() -> evaluateTrust()`, it was necessary to adjust the if statements evaluating the result to reflect this change.

The changes were evaluated by running the unit tests after setting the minimum deployment target successively to iOS 11 and iOS 15.
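
The result-handling difference described above, as an added example that is not code from this pull request or from the project's `pinning_utils.m`. The helper name `ExampleEvaluateTrust` is hypothetical; the availability split reflects that `SecTrustEvaluateWithError` exists from iOS 12 / macOS 10.14.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical helper (not the project's evaluateTrust()).
// Returns YES only when the chain is trusted; *outResult always receives the
// SecTrustResultType so callers can log why a chain was rejected.
static BOOL ExampleEvaluateTrust(SecTrustRef trust, SecTrustResultType *outResult)
{
    SecTrustResultType result = kSecTrustResultInvalid;
    BOOL evaluationSaysTrusted = NO;

    if (@available(iOS 12.0, macOS 10.14, tvOS 12.0, watchOS 5.0, *)) {
        // New API: the boolean return value is the trust decision itself.
        // It is false for kSecTrustResultRecoverableTrustFailure.
        CFErrorRef error = NULL;
        evaluationSaysTrusted = SecTrustEvaluateWithError(trust, &error) ? YES : NO;
        if (error != NULL) {
            CFRelease(error); // the error is returned retained
        }
        // Fetch the detailed result separately; fail closed if that fails.
        if (SecTrustGetTrustResult(trust, &result) != errSecSuccess) {
            result = kSecTrustResultInvalid;
            evaluationSaysTrusted = NO;
        }
    } else {
#pragma clang diagnostic push
#pragma clang diagnostic ignored "-Wdeprecated-declarations"
        // Old API: errSecSuccess only means the evaluation ran to completion.
        // The trust decision is carried in `result`, which may still be
        // kSecTrustResultRecoverableTrustFailure.
        OSStatus status = SecTrustEvaluate(trust, &result);
#pragma clang diagnostic pop
        evaluationSaysTrusted = (status == errSecSuccess);
    }

    if (outResult != NULL) {
        *outResult = result;
    }

    // Same acceptance rule on both paths: only these two results mean the
    // chain validated. On the old path this check is what rejects an
    // untrusted chain; on the new path it is a consistency check.
    BOOL resultIsTrusted = (result == kSecTrustResultUnspecified ||
                            result == kSecTrustResultProceed);
    return evaluationSaysTrusted && resultIsTrusted;
}
```

A caller that previously treated any non-`errSecSuccess` status as an evaluation error and then inspected `trustResult` must not carry that first check over unchanged, since a `false` return from the new API is the untrusted-certificate case and not an API failure.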