diff --git a/MOLAuthenticatingURLSession.podspec b/MOLAuthenticatingURLSession.podspec
deleted file mode 100644
index ed732f6..0000000
--- a/MOLAuthenticatingURLSession.podspec
+++ /dev/null
@@ -1,15 +0,0 @@
-Pod::Spec.new do |s|
- s.name = 'MOLAuthenticatingURLSession'
- s.version = '2.9'
- s.platform = :osx
- s.osx.deployment_target = '10.9'
- s.license = { :type => 'Apache 2.0', :file => 'LICENSE' }
- s.homepage = 'https://github.com/google/macops-MOLAuthenticatingURLSession'
- s.authors = { 'Google Macops' => 'macops-external@google.com' }
- s.summary = 'An NSURLSession wrapper that handles certificate validation nicely'
- s.source = { :git => 'https://github.com/google/macops-MOLAuthenticatingURLSession.git',
- :tag => "v#{s.version}" }
- s.source_files = 'Source/MOLAuthenticatingURLSession/*.{h,m}'
- s.framework = 'Security'
- s.dependency 'MOLCertificate', '~> 2.0'
-end
diff --git a/Podfile b/Podfile
deleted file mode 100644
index cc3de75..0000000
--- a/Podfile
+++ /dev/null
@@ -1,5 +0,0 @@
-platform :osx, "10.9"
-
-target :MOLAuthenticatingURLSession do
- pod 'MOLCertificate'
-end
diff --git a/Podfile.lock b/Podfile.lock
deleted file mode 100644
index 9282f4b..0000000
--- a/Podfile.lock
+++ /dev/null
@@ -1,12 +0,0 @@
-PODS:
- - MOLCertificate (1.8)
-
-DEPENDENCIES:
- - MOLCertificate
-
-SPEC CHECKSUMS:
- MOLCertificate: c999513316d511c69f290fbf313dfe8dca4ad592
-
-PODFILE CHECKSUM: 9a193ce3a54656b92a06f67ac942f66501992890
-
-COCOAPODS: 1.4.0
diff --git a/Source/MOLAuthenticatingURLSession/MOLAuthenticatingURLSession.m b/Source/MOLAuthenticatingURLSession/MOLAuthenticatingURLSession.m
index 01d2950..dbb45c1 100644
--- a/Source/MOLAuthenticatingURLSession/MOLAuthenticatingURLSession.m
+++ b/Source/MOLAuthenticatingURLSession/MOLAuthenticatingURLSession.m
@@ -35,8 +35,8 @@ - (instancetype)initWithSessionConfiguration:(NSURLSessionConfiguration *)config
 - (instancetype)init {
 NSURLSessionConfiguration *config = [NSURLSessionConfiguration ephemeralSessionConfiguration];
- [config setTLSMinimumSupportedProtocol:kTLSProtocol12];
- [config setHTTPShouldUsePipelining:YES];
+ config.TLSMinimumSupportedProtocolVersion = tls_protocol_version_TLSv12;
+ config.HTTPShouldUsePipelining = YES;
 return [self initWithSessionConfiguration:config];
 }
@@ -308,17 +308,12 @@ - (NSURLCredential *)serverCredentialForProtectionSpace:(NSURLProtectionSpace *)
 }
 // Evaluate the server's cert chain.
- SecTrustResultType result = kSecTrustResultInvalid;
- err = SecTrustEvaluate(protectionSpace.serverTrust, &result);
- if (err != errSecSuccess) {
- [self log:@"Server Trust: Unable to evaluate certificate chain for server: %d", err];
- return nil;
- }
-
- // Having a trust level "unspecified" by the user is the usual result, described at
- // https://developer.apple.com/library/mac/qa/qa1360
- if (result != kSecTrustResultProceed && result != kSecTrustResultUnspecified) {
- [self log:@"Server Trust: Server isn't trusted. SecTrustResultType: %d", result];
+ CFErrorRef cfErrRef;
+ if (!SecTrustEvaluateWithError(protectionSpace.serverTrust, &cfErrRef)) {
+ NSError *errRef = CFBridgingRelease(cfErrRef);
+ NSError *underlyingError = errRef.userInfo[NSUnderlyingErrorKey];
+ NSString *errMsg = CFBridgingRelease(SecCopyErrorMessageString((OSStatus)underlyingError.code, NULL));
+ [self log:@"Server Trust: Unable to evaluate certificate chain for server: %@ (%d)", errMsg, underlyingError.code];
 return nil;
 }
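Review bot: `TLSMinimumSupportedProtocolVersion` and `tls_protocol_version_TLSv12` in `init` are only available from macOS 10.15, while the podspec and Podfile removed in this same commit declared a 10.9 deployment target, and the build settings that replace them are not visible here. If anything older than 10.15 is still supported, the setter would not exist at runtime and the TLS 1.2 floor would fail instead of applying, so either state the new minimum OS next to this code or guard it, e.g. `if (@available(macOS 10.15, *)) { config.TLSMinimumSupportedProtocolVersion = tls_protocol_version_TLSv12; }` with the previous `setTLSMinimumSupportedProtocol:` call in the else branch. A short comment such as `// Enforce TLS 1.2 as the floor for every session created by the default initializer.` would also record why the value is pinned.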
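Review bot: `cfErrRef` is declared uninitialized and then handed to `CFBridgingRelease` on the failure path, so the rejection branch of this server-trust check depends on `SecTrustEvaluateWithError` always writing the out-parameter; declare it as `CFErrorRef cfErrRef = NULL;`. The log line takes its code only from `userInfo[NSUnderlyingErrorKey]`; when that key is absent, messaging nil yields code 0 and a rejected chain would be logged with the message for status 0, so fall back to the top-level error with `NSError *underlyingError = errRef.userInfo[NSUnderlyingErrorKey] ?: errRef;`. `code` is an `NSInteger`, so the format should be `%ld` with `(long)underlyingError.code` rather than `%d`. The method body starts and ends outside the hunk.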
@@ -449,9 +444,8 @@ - (NSArray *)locateIntermediatesForCertificate:(MOLCertificate *)leafCert
 // use the result of the evaluation. The certificates seem to be available
 // without calling this but the documentation is clear that
 // SecTrustGetCertificateAtIndex shouldn't be called without calling
- // SecTrustEvaluate first.
- SecTrustResultType _; // unused
- SecTrustEvaluate(t, &_);
+ // SecTrustEvaluateWithError first.
+ (void)SecTrustEvaluateWithError(t, NULL);
 NSMutableArray *intermediates = [NSMutableArray array];
 CFIndex certCount = SecTrustGetCertificateCount(t);