问题描述
我在 iOS 15 SDK 中收到弃用警告,但建议的替换不是一对一的替换。这是我用于评估 SSL 信任链的内容:
func valid(_ trust: SecTrust,forHost host: String) -> Bool {
guard valid(trust,for: [SecPolicyCreateSSL(true,nil)]),valid(trust,host as CFString)]) else {
return false
}
let serverCertificatesData = Set(
(0..<SecTrustGetCertificateCount(trust))
.compactMap { SecTrustGetCertificateAtIndex(trust,$0) }
.map { SecCertificatecopyData($0) as Data }
)
let pinnedCertificatesData = Set(
certificates.map { SecCertificatecopyData($0) as Data }
)
return !serverCertificatesData.isdisjoint(with: pinnedCertificatesData)
}
我在 Xcode 13 beta 中得到的警告是:
'SecTrustGetCertificateAtIndex' was deprecated in iOS 15.0: renamed to 'SecTrustcopyCertificateChain(_:)'.
Use 'SecTrustcopyCertificateChain(_:)' instead.
但是,SecTrustGetCertificateAtIndex (docs) 返回 SecCertificate,其中 SecTrustcopyCertificateChain (docs) 返回 CFArray。如何在我提供的用法中正确更新?
解决方法
iOS 14.5 => iOS 15 SDK Diff 表示唯一添加的是这些(从 Xcode 13 Beta 1 开始)
SecBase.h
Added errSecInvalidCRLAuthority
Added errSecInvalidTupleCredentials
Added errSecCertificateDuplicateExtension
SecTrust.h
Added SecTrustCopyCertificateChain()
他们没有向 SecCertificate 添加任何新的兄弟类型。正如您已经注意到的,它返回一个 CFArray。
func SecTrustCopyCertificateChain(_ trust: SecTrust) -> CFArray?
所以对于这部分代码 -
let serverCertificatesData = Set(
(0..<SecTrustGetCertificateCount(trust))
.compactMap { SecTrustGetCertificateAtIndex(trust,$0) }
.map { SecCertificateCopyData($0) as Data }
)
SecTrustCopyCertificateChain 可能返回 CFArray 个实例的 SecCertificate 似乎值得一试?不幸的是,我现在无法调试。
也许试试这样的 -
if let certificates = SecTrustCopyCertificateChain(trust) as? [SecCertificate] {
let serverCertificatesData = Set(
certificates.map { SecCertificateCopyData($0) as Data }
)
}