3

我在iOS 15SDK 中收到弃用警告,但建议的替换不是一对一的替换。这是我评估 SSL 信任链的内容:

func valid(_ trust: SecTrust, forHost host: String) -> Bool {
    guard valid(trust, for: [SecPolicyCreateSSL(true, nil)]),
        valid(trust, for: [SecPolicyCreateSSL(true, host as CFString)]) else {
            return false
    }

    let serverCertificatesData = Set(
        (0..<SecTrustGetCertificateCount(trust))
            .compactMap { SecTrustGetCertificateAtIndex(trust, $0) }
            .map { SecCertificateCopyData($0) as Data }
    )

    let pinnedCertificatesData = Set(
        certificates.map { SecCertificateCopyData($0) as Data }
    )

    return !serverCertificatesData.isDisjoint(with: pinnedCertificatesData)
}

我在 Xcode 13 beta 中收到的警告是:

'SecTrustGetCertificateAtIndex' was deprecated in iOS 15.0: renamed to 'SecTrustCopyCertificateChain(_:)'. 
Use 'SecTrustCopyCertificateChain(_:)' instead.

但是,SecTrustGetCertificateAtIndex( docs ) 返回SecCertificate其中SecTrustCopyCertificateChain( docs ) 返回 a CFArray。如何在我提供的用法中正确更新?

4

1 回答 1

2

iOS 14.5 => iOS 15 SDK Diff表示唯一的添加是这些(从 Xcode 13 Beta 1 开始

SecBase.h
Added errSecInvalidCRLAuthority
Added errSecInvalidTupleCredentials
Added errSecCertificateDuplicateExtension

SecTrust.h
Added SecTrustCopyCertificateChain()

他们没有向SecCertificate. 正如您已经注意到它返回一个CFArray.

func SecTrustCopyCertificateChain(_ trust: SecTrust) -> CFArray?

所以对于你的这部分代码 -

let serverCertificatesData = Set(
    (0..<SecTrustGetCertificateCount(trust))
        .compactMap { SecTrustGetCertificateAtIndex(trust, $0) }
        .map { SecCertificateCopyData($0) as Data }
)

似乎值得一试SecTrustCopyCertificateChain可能会返回一个CFArray实例SecCertificate?不幸的是,我现在无法调试它。

也许尝试这样的事情 -

if let certificates = SecTrustCopyCertificateChain(trust) as? [SecCertificate] {
    let serverCertificatesData = Set(
        certificates.map { SecCertificateCopyData($0) as Data }
    )
}
于 2021-06-18T14:00:49.203 回答