Handling self-signed certificates in URLAuthenticationChallenge on Linux

finestructure · April 3, 2019, 9:10am

In order to trust a self-signed certificate on macOS I've implemented the following URLSessionDelegate handler:

func urlSession(_ session: URLSession, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
    // trust certificate
    let cred = challenge.protectionSpace.serverTrust.map { URLCredential(trust: $0) }
    completionHandler(.useCredential, cred)
}

When compiling for Linux, I found that serverTrust is not available:

/package/Sources/ResterCore/Request.swift:255:38: error: value of type 'URLProtectionSpace' has no member 'serverTrust'

I was hoping to perhaps create the required credential without serverTrust but other ways to create a URLCredential are also unvailable:

// TODO: We have no implementation for Security.framework primitive types SecIdentity and SecTrust yet

Does anyone know of a way to work around this on Linux? I.e. is there a way to accept a self-signed certificate on Linux via URLSession?

Any pointers greatly appreciated!

sergiocampama · June 3, 2022, 11:46pm

Did you ever figure this out? Stuck in this same problem 3 years later :p

Jon_Shier · June 4, 2022, 12:03am

Nope, nothing has changed in this regard. URLSession in swift-corelibs-foundation remains woefully incomplete.

sergiocampama · June 4, 2022, 12:26am

welp, guess I'll just invoke curl behind the scenes

finestructure · June 4, 2022, 12:50pm

Sadly not. I simply disabled that functionality on Linux.

zunda · April 22, 2024, 12:55pm

@finestructure
I am facing same issue.
What do you disable on Linux?

finestructure · April 22, 2024, 2:07pm

I disabled support for self-signed certificates at the time (this was five years ago).

zunda · April 23, 2024, 5:33am

@finestructure
thanks I will try.

oliviermartin · April 23, 2024, 1:00pm

FYI, I have currently the same issue (TLS client certificate authentication on Linux platform).
I have worked on a potential support for Swift Foundation: URLSession: Added support for client certificate authentication for non MacOS platforms by oliviermartin · Pull Request #4937 · apple/swift-corelibs-foundation · GitHub
This support has limitation (private key cannot be stored in some secure storage) but it enables some use cases.

cc: @zunda

zunda · April 23, 2024, 1:15pm

@oliviermartin
Great job! I hope this pull request gets merged!