Swift and SecTrust
I ran into this issue myself, and the header docs are a little bit confusing, especially since the constants are defined as Ints and SecTrustResultType is defined as a UInt32.
But good news, the solution is rather simple: just init SecTrustResultType with kSecTrustResultInvalid:
var secresult = SecTrustResultType(kSecTrustResultInvalid)
if (SecTrustEvaluate(serverTrust, &secresult) != errSecSuccess){
    return;
}
Swift 2.3:
var secresult = SecTrustResultType.Invalid
if (SecTrustEvaluate(serverTrust, &secresult) != errSecSuccess){
    return;
}
You can init SecTrustResultType with this line in Swift 5:
var secResult = SecTrustResultType.invalid
Different from the other answers, I preferred a single result handle (SecTrustResultType) when I checked a server's Certificate Chain. Please see below:
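import Foundation
import Security

func urlSession(_ session: URLSession, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
    guard let trust: SecTrust = challenge.protectionSpace.serverTrust else {
        // No server trust on this challenge: the handler must still be called,
        // otherwise the request never completes.
        completionHandler(.performDefaultHandling, nil)
        return
    }
    var secResult = SecTrustResultType.invalid
    SecTrustEvaluate(trust, &secResult)
    switch secResult {
    case .proceed, .unspecified:
        // ✅ chain validated (.unspecified is the usual success result;
        // .proceed means the user explicitly chose to trust the certificate)
        break
    case .recoverableTrustFailure:
        // ❌ check Root CA and Int CA trusted on iOS device
        break
    default:
        // ❌ default error
        break
    }
    // The system's own trust evaluation still decides the outcome here.
    completionHandler(.performDefaultHandling, nil)
}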
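The answers above all call SecTrustEvaluate, which Apple has since deprecated in favor of SecTrustEvaluateWithError. The following is an added example, not code from any of the answers, showing the same server-trust check with the newer call while still reading the SecTrustResultType, and failing closed when evaluation does not pass. The class name TrustEvaluatingDelegate and the helper isTrusted are hypothetical; it assumes iOS 12 / macOS 10.14 or later and Swift 5.1 or later.

```swift
import Foundation
import Security

// Hypothetical delegate name, chosen for this example only.
final class TrustEvaluatingDelegate: NSObject, URLSessionDelegate {

    /// Only these two results mean the chain validated:
    /// .unspecified = valid chain to a system-trusted anchor (the common case),
    /// .proceed     = the user explicitly marked the certificate as trusted.
    static func isTrusted(_ result: SecTrustResultType) -> Bool {
        switch result {
        case .proceed, .unspecified:
            return true
        default:
            return false
        }
    }

    func urlSession(_ session: URLSession,
                    didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
        let space = challenge.protectionSpace
        // Handle only server-trust challenges; leave every other kind to the system.
        guard space.authenticationMethod == NSURLAuthenticationMethodServerTrust,
              let trust = space.serverTrust else {
            completionHandler(.performDefaultHandling, nil)
            return
        }

        // Replacement for SecTrustEvaluate: returns false and fills `error` on failure.
        var error: CFError?
        let passed = SecTrustEvaluateWithError(trust, &error)

        // The detailed result type can still be read after evaluation.
        var result = SecTrustResultType.invalid
        let status = SecTrustGetTrustResult(trust, &result)

        if passed, status == errSecSuccess, Self.isTrusted(result) {
            completionHandler(.useCredential, URLCredential(trust: trust))
        } else {
            // Fail closed: log the reason and reject the connection.
            NSLog("Server trust rejected for %@: result=%u error=%@",
                  space.host, result.rawValue, String(describing: error))
            completionHandler(.cancelAuthenticationChallenge, nil)
        }
    }
}
```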