Replacing the deprecated "SecTrustGetCertificateAtIndex" in iOS 15?

Tru*_*an1 7 ssl ios swift ios15

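I'm getting a deprecation warning in the iOS 15 SDK, but the suggested replacement is not a one-to-one replacement. This is my method for evaluating the SSL trust chain: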

func valid(_ trust: SecTrust, forHost host: String) -> Bool {
    guard valid(trust, for: [SecPolicyCreateSSL(true, nil)]),
        valid(trust, for: [SecPolicyCreateSSL(true, host as CFString)]) else {
            return false
    }

    let serverCertificatesData = Set(
        (0..<SecTrustGetCertificateCount(trust))
            .compactMap { SecTrustGetCertificateAtIndex(trust, $0) }
            .map { SecCertificateCopyData($0) as Data }
    )

    let pinnedCertificatesData = Set(
        certificates.map { SecCertificateCopyData($0) as Data }
    )

    return !serverCertificatesData.isDisjoint(with: pinnedCertificatesData)
}

The warning I get in the Xcode 13 beta is:

'SecTrustGetCertificateAtIndex' was deprecated in iOS 15.0: renamed to 'SecTrustCopyCertificateChain(_:)'. 
Use 'SecTrustCopyCertificateChain(_:)' instead.

However, SecTrustGetCertificateAtIndex (docs) returns a SecCertificate, while SecTrustCopyCertificateChain (docs) returns a CFArray. How do I correctly update it in the usage I provided?

Tar*_*agi 10

The iOS 14.5 => iOS 15 SDK diff shows that the only additions are these (as of Xcode 13 Beta 1):

SecBase.h
Added errSecInvalidCRLAuthority
Added errSecInvalidTupleCredentials
Added errSecCertificateDuplicateExtension

SecTrust.h
Added SecTrustCopyCertificateChain()

They did not add any new sibling type to SecCertificate. As you have already noticed, it returns a CFArray.

func SecTrustCopyCertificateChain(_ trust: SecTrust) -> CFArray?

So for this part of your code -

let serverCertificatesData = Set(
    (0..<SecTrustGetCertificateCount(trust))
        .compactMap { SecTrustGetCertificateAtIndex(trust, $0) }
        .map { SecCertificateCopyData($0) as Data }
)

It seems worth a try; maybe SecTrustCopyCertificateChain returns a CFArray of SecCertificate instances? Unfortunately I can't debug this right now.

Maybe try something like this -

if let certificates = SecTrustCopyCertificateChain(trust) as? [SecCertificate] {
    let serverCertificatesData = Set(
        certificates.map { SecCertificateCopyData($0) as Data }
    )
}

  • You're right, the "CFArray" is indeed "[SecCertificate]". Thank you!! (2 upvotes)
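
The pinning check from the question with the cast from the answer applied, as an added example that is not code from either poster. The names chainCertificateData(of:) and isPinned(_:host:pinned:) are hypothetical, the pinned parameter stands in for the question's certificates property, and the availability check keeps the old call only for systems older than iOS 15.

```swift
import Foundation
import Security

/// DER encodings of every certificate in the trust object's chain.
/// Hypothetical helper name; not part of the Security framework.
func chainCertificateData(of trust: SecTrust) -> Set<Data> {
    let chain: [SecCertificate]
    if #available(iOS 15.0, macOS 12.0, tvOS 15.0, watchOS 8.0, *) {
        // The returned CFArray holds SecCertificate values, so the
        // bridging cast succeeds; a nil result becomes an empty chain.
        chain = (SecTrustCopyCertificateChain(trust) as? [SecCertificate]) ?? []
    } else {
        // Older systems: keep the index-based accessor.
        chain = (0..<SecTrustGetCertificateCount(trust))
            .compactMap { SecTrustGetCertificateAtIndex(trust, $0) }
    }
    return Set(chain.map { SecCertificateCopyData($0) as Data })
}

/// Returns true only if the chain passes SSL policy evaluation for `host`
/// and shares at least one certificate with `pinned`.
/// Hypothetical function; `pinned` is supplied by the caller.
func isPinned(_ trust: SecTrust, host: String, pinned: [SecCertificate]) -> Bool {
    // Evaluate against the SSL server policy for this host before pinning.
    let policy = SecPolicyCreateSSL(true, host as CFString)
    guard SecTrustSetPolicies(trust, policy) == errSecSuccess else {
        return false
    }

    var error: CFError?
    guard SecTrustEvaluateWithError(trust, &error) else {
        return false
    }

    // Compare DER bytes. An empty pin set is disjoint from every chain,
    // so a missing pin list rejects the connection instead of allowing it.
    let pinnedData = Set(pinned.map { SecCertificateCopyData($0) as Data })
    return !chainCertificateData(of: trust).isDisjoint(with: pinnedData)
}
```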