Xcode - Trying to add Self Signed Certificate (Not Verified)

Hello everyone,

I'm new as an iOS developer, and I'm facing a WebSocket error due to my certificate...

Error Name : errSSLXCertChainInvalid Error Code : -9807

I have a server on a device, on which I want to start a secure WebSocket communication (wss://10.0.1.1:8080/). The server has my certificate .pem and works very well with my android App. When I choose Debug in Xcode buildConfiguration, there is no problem for the WebSocket communication (I think Debug doesn't check certificate during the Handshake process). But when I choose Release, I have the error because I didn't add the certificate on the iOS App. I don't really know how to add it properly...

But, I also tried to disable HTTPS checks (ATS) :

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>

but that didn't work either.

If anyone can help me?

Thank you

What API are you using for WebSocket? NSURLSession? Network framework? Or perhaps you’re doing this from within Safari? Or a web view?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Hi,

I'm using the WebSocket from the React Native framework => https://reactnative.dev/docs/network#websocket-support I don't really know if that calls NSURLSession or Network framework ...

To better understand, why when I choose "Debug" build configuration, ssl cert verification seems to be disabled => The connection works

But when I choose "Release" build configuration, ssl cert verification seems to be enabled => The connection doesn't work

Can you tell me how to disable ssl cert verification when I choose "Release" to do my first test?

Thank you

> Can you tell me how to disable ssl cert verification when I choose "Release" to do my first test?

Apple’s WebSocket APIs [1] do not change behaviour based on the build configuration. If that’s what you’re seeing, that’s coming from the third-party library you’re using. That’s not something I can help you with. You have a couple of choices here:

  • Dig into this WebSocket library to the point where you get to an Apple API, and we can discuss its behaviour.

  • Escalate this with the support channel for the third-party library you’re using.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

[1] It’s not just WebSockets here. None of our TLS infrastructure changes behaviour based on the build configuration.

I understand thank you for your reply :)

And is there a way to programmatically implement (in objective-c) this below behavior ?

Because when the certificate is trusted in the settings everything works well.

I can write some objective-c code here :

Thanks

> And is there a way to programmatically implement (in objective-c) this below behavior ?

You mean installing a trusted root? No. Apple specifically makes this hard because it’s a massive extension of trust.

Earlier you wrote:

> I have a server on a device, on which I want to start a secure WebSocket communication

It sounds like you’re creating a network-enabled accessory of some form. If so, check out my TLS For Accessory Developers post.

The techniques described there assume that you can override TLS server trust evaluation. Most Apple APIs let you do this. This includes the APIs that typically back WebSocket implementations: NSURLSession, Network framework, and CFSocketStream. How you do that, however, depends on the specific API you’re using, which brings us back to the suggestions in my previous response.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
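
An added example (not from the thread, and not React Native's or Apple's own code) of overriding TLS server trust evaluation in an NSURLSession delegate so that the server chain must validate against a CA certificate bundled with the app, rather than installing a trusted root on the device. The class name `PinnedCATrustDelegate` and the DER-encoded resource `certificateCA.cer` in the main bundle are assumptions.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical delegate: accepts the server only if its chain validates against
// the app's own bundled CA (assumed resource: certificateCA.cer, DER-encoded).
@interface PinnedCATrustDelegate : NSObject <NSURLSessionDelegate>
@end

@implementation PinnedCATrustDelegate

- (void)URLSession:(NSURLSession *)session
didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge
 completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition, NSURLCredential *))completionHandler {
    NSURLProtectionSpace *space = challenge.protectionSpace;
    // Only server trust challenges are customised; everything else stays default.
    if (![space.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
        completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, nil);
        return;
    }
    SecTrustRef trust = space.serverTrust;
    NSString *path = [[NSBundle mainBundle] pathForResource:@"certificateCA" ofType:@"cer"];
    NSData *der = path ? [NSData dataWithContentsOfFile:path] : nil;
    SecCertificateRef anchor = der ? SecCertificateCreateWithData(NULL, (__bridge CFDataRef)der) : NULL;
    if (trust == NULL || anchor == NULL) {
        // Fail closed: a missing or unparsable anchor never means "trust anything".
        if (anchor) CFRelease(anchor);
        completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, nil);
        return;
    }
    // Evaluate against the bundled anchor only. The SSL policy already attached to
    // the trust object is left in place, so the name or address used to connect
    // must still match the server certificate.
    NSArray *anchors = @[(__bridge id)anchor];
    OSStatus status = SecTrustSetAnchorCertificates(trust, (__bridge CFArrayRef)anchors);
    if (status == errSecSuccess) status = SecTrustSetAnchorCertificatesOnly(trust, true);
    CFErrorRef error = NULL;
    BOOL trusted = (status == errSecSuccess) && SecTrustEvaluateWithError(trust, &error);
    if (error) CFRelease(error);
    CFRelease(anchor);
    if (trusted) {
        completionHandler(NSURLSessionAuthChallengeUseCredential,
                          [NSURLCredential credentialForTrust:trust]);
    } else {
        completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, nil);
    }
}

@end
```

The delegate takes effect when passed to `+[NSURLSession sessionWithConfiguration:delegate:delegateQueue:]`; `SecTrustEvaluateWithError` requires iOS 12 or later.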

Hello,

First of all, thank you so much for helping me :)

So, I finally found where the WebSocket was implemented :

https://github.com/facebook/react-native/blob/main/Libraries/WebSocket/RCTSRWebSocket.m

I found at line 513 how this lib allows connections to any root cert and why only in debug mode.

Now I don't really understand if I have to create my own function to override and add my certificateCA.cer or if there is an easier way to allow my certificate to be added ?

Thanks
