Remove deprecated symbols & Podspec, provide more details on trust fa…

…ilure. (#21)
google · Dec 19, 2022 · 38b5ee4 · 38b5ee4
1 parent fcd5ac9
commit 38b5ee4
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 48 deletions.
diff --git a/MOLAuthenticatingURLSession.podspec b/MOLAuthenticatingURLSession.podspec
diff --git a/Podfile b/Podfile
diff --git a/Podfile.lock b/Podfile.lock
diff --git a/Source/MOLAuthenticatingURLSession/MOLAuthenticatingURLSession.m b/Source/MOLAuthenticatingURLSession/MOLAuthenticatingURLSession.m
@@ -35,8 +35,8 @@ - (instancetype)initWithSessionConfiguration:(NSURLSessionConfiguration *)config
 
 - (instancetype)init {
   NSURLSessionConfiguration *config = [NSURLSessionConfiguration ephemeralSessionConfiguration];
-  [config setTLSMinimumSupportedProtocol:kTLSProtocol12];
-  [config setHTTPShouldUsePipelining:YES];
+  config.TLSMinimumSupportedProtocolVersion = tls_protocol_version_TLSv12;
+  config.HTTPShouldUsePipelining = YES;
   return [self initWithSessionConfiguration:config];
 }
 
@@ -308,17 +308,12 @@ - (NSURLCredential *)serverCredentialForProtectionSpace:(NSURLProtectionSpace *)
   }
 
   // Evaluate the server's cert chain.
-  SecTrustResultType result = kSecTrustResultInvalid;
-  err = SecTrustEvaluate(protectionSpace.serverTrust, &result);
-  if (err != errSecSuccess) {
-    [self log:@"Server Trust: Unable to evaluate certificate chain for server: %d", err];
-    return nil;
-  }
-
-  // Having a trust level "unspecified" by the user is the usual result, described at
-  // https://developer.apple.com/library/mac/qa/qa1360
-  if (result != kSecTrustResultProceed && result != kSecTrustResultUnspecified) {
-    [self log:@"Server Trust: Server isn't trusted. SecTrustResultType: %d", result];
+  CFErrorRef cfErrRef;
+  if (!SecTrustEvaluateWithError(protectionSpace.serverTrust, &cfErrRef)) {
+    NSError *errRef = CFBridgingRelease(cfErrRef);
+    NSError *underlyingError = errRef.userInfo[NSUnderlyingErrorKey];
+    NSString *errMsg = CFBridgingRelease(SecCopyErrorMessageString((OSStatus)underlyingError.code, NULL));
+    [self log:@"Server Trust: Unable to evaluate certificate chain for server: %@ (%d)", errMsg, underlyingError.code];
     return nil;
   }
 
@@ -449,9 +444,8 @@ - (NSArray *)locateIntermediatesForCertificate:(MOLCertificate *)leafCert
   // use the result of the evaluation. The certificates seem to be available
   // without calling this but the documentation is clear that
   // SecTrustGetCertificateAtIndex shouldn't be called without calling
-  // SecTrustEvaluate first.
-  SecTrustResultType _;  // unused
-  SecTrustEvaluate(t, &_);
+  // SecTrustEvaluateWithError first.
+  (void)SecTrustEvaluateWithError(t, NULL);
 
   NSMutableArray *intermediates = [NSMutableArray array];
   CFIndex certCount = SecTrustGetCertificateCount(t);