Cocoa mail archive
Re: How to handle bad certificate error in NSURLDownload?
FROM : Jens Alfke
DATE : Mon May 19 22:07:08 2008
On 19 May '08, at 12:27 PM, Jack Repenning wrote:
> Does NSURLDownload end up using OpenSSL to certify? In which case,
> it would run afoul of the problem that OS X OpenSSL ships with no CA
> chain.
No. None of Apple's security software uses OpenSSL; that library's in
the OS for compatibility and because a lot of other open-source
packages use it.
Apple's security software is all based on CDSA. Foundation and
CFNetwork use the SecureTransport API in the Security framework, so
they're using the same certificate database you see in the Keychain
Access app.
—Jens
DATE : Mon May 19 22:07:08 2008
On 19 May '08, at 12:27 PM, Jack Repenning wrote:
> Does NSURLDownload end up using OpenSSL to certify? In which case,
> it would run afoul of the problem that OS X OpenSSL ships with no CA
> chain.
No. None of Apple's security software uses OpenSSL; that library's in
the OS for compatibility and because a lot of other open-source
packages use it.
Apple's security software is all based on CDSA. Foundation and
CFNetwork use the SecureTransport API in the Security framework, so
they're using the same certificate database you see in the Keychain
Access app.
—Jens
