Hi, I want to connect to our MQTT broker, which validates the client certificate. The client needs to provide its own certificate with chain because the broker does not know the intermediate certificates. A library I am using has an API to provide the client certificate as SecIdentity. The library uses SecIdentity like so:
public var clientIdentity: SecIdentity?
.
.
.
let secIdentity = sec_identity_create(clientIdentity)
sec_protocol_options_set_local_identity(options.securityProtocolOptions, secIdentity)
As far as I know SecIdentity contains leaf certificate and private key, there is no space for certificate chain.
I have edited this library API to use sec_identity_t directly and then provide it this way:
let secIdentity = sec_identity_create_with_certificates(clientIdentity, certs as CFArray)
And then everything works, broker receives client certificate and chain.
So, is there a way to provide certificate chain with SecIdentity or only sec_identity_t can handle it?
Thanks :)
As far as I know SecIdentity contains leaf certificate and private key, there is no space for certificate chain.
Correct.
So, is there a way to provide certificate chain with SecIdentity … ?
No. The technique you’re using is correct.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
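The technique confirmed in this thread, written out end to end as an added example (not code from the posts above or from the MQTT library): it loads a PKCS#12 bundle, wraps the identity together with its intermediates in a `sec_identity_t`, and sets it on the TLS options. The helper name `makeTLSOptions`, the error type, and the choice to pass only the intermediates (leaf removed) in the certificates array are assumptions.

```swift
import Foundation
import Network
import Security

// Hypothetical error type for this example.
enum ClientIdentityError: Error {
    case importFailed(OSStatus), noIdentity, wrapFailed
}

// Hypothetical helper: returns TLS options whose local identity carries the
// leaf certificate, its private key, and the intermediates from a PKCS#12 blob.
func makeTLSOptions(pkcs12 data: Data, password: String) throws -> NWProtocolTLS.Options {
    var items: CFArray?
    let importOptions = [kSecImportExportPassphrase as String: password] as CFDictionary
    let status = SecPKCS12Import(data as CFData, importOptions, &items)
    guard status == errSecSuccess else { throw ClientIdentityError.importFailed(status) }

    guard let first = (items as? [[String: Any]])?.first,
          let identityRef = first[kSecImportItemIdentity as String] else {
        throw ClientIdentityError.noIdentity
    }
    let identity = identityRef as! SecIdentity
    let chain = first[kSecImportItemCertChain as String] as? [SecCertificate] ?? []

    // The imported chain starts with the leaf, which the SecIdentity already
    // holds. Assumption: the certificates array should list only the
    // intermediates, so the leaf is filtered out here.
    var leaf: SecCertificate?
    SecIdentityCopyCertificate(identity, &leaf)
    let intermediates = chain.filter { cert in
        guard let leaf = leaf else { return true }
        return !CFEqual(cert, leaf)
    }

    // A plain SecIdentity has no slot for a chain; sec_identity_t does.
    guard let secIdentity = sec_identity_create_with_certificates(
        identity, intermediates as CFArray) else {
        throw ClientIdentityError.wrapFailed
    }
    let options = NWProtocolTLS.Options()
    sec_protocol_options_set_local_identity(options.securityProtocolOptions, secIdentity)
    return options
}
```

The returned options can be passed to `NWParameters(tls:tcp:)` when opening the connection to the broker.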