Swift and SecTrust

I ran into this issue myself, and the header docs are a little bit confusing, especially since the constants are defined as Ints and SecTrustResultType is defined as a UInt32.

But good news: the solution is rather simple. Just init SecTrustResultType with kSecTrustResultInvalid:

var secresult = SecTrustResultType(kSecTrustResultInvalid)
if SecTrustEvaluate(serverTrust, &secresult) != errSecSuccess {
    return
}

Swift 2.3

var secresult = SecTrustResultType.Invalid
if SecTrustEvaluate(serverTrust, &secresult) != errSecSuccess {
    return
}

You can init SecTrustResultType with this line in Swift 5:

var secResult = SecTrustResultType.invalid

Different from the other answers, I preferred a single result handle (SecTrustResultType) when I checked a server's certificate chain. Please see below:

func urlSession(_ session: URLSession, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {

    guard let trust: SecTrust = challenge.protectionSpace.serverTrust else {
        // The completion handler must be called on every path, or the task never continues
        completionHandler(.performDefaultHandling, nil)
        return
    }

    var secResult = SecTrustResultType.invalid
    SecTrustEvaluate(trust, &secResult)
    switch secResult {
    case .proceed, .unspecified:
        // ✅ chain is trusted (.unspecified is the common success value)
        break
    case .recoverableTrustFailure:
        // ❌ check that the root CA and intermediate CA are trusted on the iOS device
        break
    default:
        // ❌ default error
        break
    }

    completionHandler(.performDefaultHandling, nil)
}
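
An added example, not taken from any of the answers above: the same delegate callback acting on the evaluation result instead of always falling through to default handling. It uses SecTrustEvaluateWithError (iOS 12 / macOS 10.14 and later), which replaces SecTrustEvaluate, deprecated since iOS 13. The class name TrustCheckingDelegate is hypothetical.

```swift
import Foundation
import Security

// Hypothetical delegate class; only the Foundation/Security calls are real APIs.
final class TrustCheckingDelegate: NSObject, URLSessionDelegate {

    func urlSession(_ session: URLSession,
                    didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {

        // Only server-trust challenges carry a SecTrust; leave every other
        // authentication method (Basic, client certificate, ...) to the system.
        guard challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust,
              let trust = challenge.protectionSpace.serverTrust else {
            completionHandler(.performDefaultHandling, nil)
            return
        }

        // Evaluate the chain against the policies already attached to the
        // trust object (for URLSession this includes the hostname check).
        var error: CFError?
        let trusted = SecTrustEvaluateWithError(trust, &error)

        // Read the detailed result afterwards, so the single SecTrustResultType
        // value is still available for the decision and for logging.
        var result = SecTrustResultType.invalid
        let status = SecTrustGetTrustResult(trust, &result)

        // .unspecified: chain reaches a trusted anchor, no explicit user setting.
        // .proceed:     the user explicitly chose to trust this certificate.
        let accepted = trusted
            && status == errSecSuccess
            && (result == .proceed || result == .unspecified)

        if accepted {
            completionHandler(.useCredential, URLCredential(trust: trust))
        } else {
            // Fail closed: .recoverableTrustFailure, .deny, .fatalTrustFailure
            // and any evaluation error all cancel the connection.
            print("Server trust rejected: result=\(result.rawValue) error=\(String(describing: error))")
            completionHandler(.cancelAuthenticationChallenge, nil)
        }
    }
}
```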
