Replacing the deprecated `SecTrustGetCertificateAtIndex` in iOS 15?

7

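I'm getting a deprecation warning in the iOS 15 SDK, but the suggested replacement is not a one-to-one replacement. This is the code I use to evaluate the SSL trust chain: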

func valid(_ trust: SecTrust, forHost host: String) -> Bool {
    guard valid(trust, for: [SecPolicyCreateSSL(true, nil)]),
        valid(trust, for: [SecPolicyCreateSSL(true, host as CFString)]) else {
            return false
    }

    let serverCertificatesData = Set(
        (0..<SecTrustGetCertificateCount(trust))
            .compactMap { SecTrustGetCertificateAtIndex(trust, $0) }
            .map { SecCertificateCopyData($0) as Data }
    )

    let pinnedCertificatesData = Set(
        certificates.map { SecCertificateCopyData($0) as Data }
    )

    return !serverCertificatesData.isDisjoint(with: pinnedCertificatesData)
}

The warning I get in Xcode 13 beta is:
'SecTrustGetCertificateAtIndex' was deprecated in iOS 15.0: renamed to 'SecTrustCopyCertificateChain(_:)'. 
Use 'SecTrustCopyCertificateChain(_:)' instead.

However, SecTrustGetCertificateAtIndex (documentation) returns a SecCertificate, whereas SecTrustCopyCertificateChain (documentation) returns a CFArray. How do I correctly update it in the usage I provided?

1 Answer

8

The iOS 14.5 => iOS 15 SDK diff shows only the following additions (as of Xcode 13 Beta 1):

SecBase.h
Added errSecInvalidCRLAuthority
Added errSecInvalidTupleCredentials
Added errSecCertificateDuplicateExtension

SecTrust.h
Added SecTrustCopyCertificateChain()

They have not added any new sibling type for SecCertificate. As you have already noticed, it returns a CFArray:

func SecTrustCopyCertificateChain(_ trust: SecTrust) -> CFArray?

So for this part of your code -

let serverCertificatesData = Set(
    (0..<SecTrustGetCertificateCount(trust))
        .compactMap { SecTrustGetCertificateAtIndex(trust, $0) }
        .map { SecCertificateCopyData($0) as Data }
)

It seems worth a try: SecTrustCopyCertificateChain might return a CFArray of SecCertificate instances? Unfortunately, I can't debug this right now.
Maybe try something like this -
if let certificates = SecTrustCopyCertificateChain(trust) as? [SecCertificate] {
    let serverCertificatesData = Set(
        certificates.map { SecCertificateCopyData($0) as Data }
    )
}

2
You're right, the CFArray is indeed [SecCertificate]. Thanks! - TruMan1
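
The replacement discussed above, folded into a complete pinning check, as an added example that is not code from the question or the answer. The names `chainCertificateData(of:)` and `isPinned(_:host:pinned:)` are hypothetical, and it assumes a deployment target of iOS 12 / macOS 10.14 or later (for `SecTrustEvaluateWithError`), so the deprecated call is kept only as a fallback below iOS 15:

```swift
import Foundation
import Security

/// Hypothetical helper: DER bytes of every certificate in the trust object's chain.
func chainCertificateData(of trust: SecTrust) -> Set<Data> {
    let chain: [SecCertificate]
    if #available(iOS 15.0, macOS 12.0, tvOS 15.0, watchOS 8.0, *) {
        // The CFArray bridges to [SecCertificate]; a nil result becomes an empty chain.
        chain = SecTrustCopyCertificateChain(trust) as? [SecCertificate] ?? []
    } else {
        // Deprecated path, needed only while the deployment target is below iOS 15.
        chain = (0..<SecTrustGetCertificateCount(trust))
            .compactMap { SecTrustGetCertificateAtIndex(trust, $0) }
    }
    return Set(chain.map { SecCertificateCopyData($0) as Data })
}

/// Hypothetical helper: true only if the chain validates for `host`
/// and at least one certificate in it is byte-identical to a pinned one.
func isPinned(_ trust: SecTrust, host: String, pinned: [SecCertificate]) -> Bool {
    // Evaluate against the SSL policy for this host first. Matching a pin
    // without evaluating the chain would accept expired or mis-issued certificates.
    let policy = SecPolicyCreateSSL(true, host as CFString)
    guard SecTrustSetPolicies(trust, policy) == errSecSuccess,
          SecTrustEvaluateWithError(trust, nil) else {
        return false
    }

    let serverData = chainCertificateData(of: trust)
    let pinnedData = Set(pinned.map { SecCertificateCopyData($0) as Data })

    // An empty chain (failed copy or failed cast) is disjoint from any pin set,
    // so the check fails closed rather than silently passing.
    return !serverData.isDisjoint(with: pinnedData)
}
```

In a `URLSessionDelegate` challenge handler, `trust` would be `challenge.protectionSpace.serverTrust` and `host` would be `challenge.protectionSpace.host`.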

Page content provided by Stack Overflow.