I am trying to implement a socket secured with SSL in server mode. The certificate used needs to be self-signed, generated programmatically once and stored in the Keychain.
For socket functionality I use CocoaAsyncSocket (https://github.com/robbiehanson/CocoaAsyncSocket), which internally uses SSLContext and related APIs from the native Security framework. For self-signed certificate generation I use the MYGetOrCreateAnonymousIdentity function from MYUtilities (https://github.com/snej/MYUtilities/blob/master/MYAnonymousIdentity.h).
The code for securing the connection in Swift looks like this:
import Foundation
import Security
import CocoaAsyncSocket

// Runs inside a failable initializer (hence `return nil`); `socket` is the GCDAsyncSocket being secured.
var error: NSError? = nil
// Reuse the identity stored under "MyIdentity" in the Keychain, or create one valid for 10 years.
if let identity = MYGetOrCreateAnonymousIdentity("MyIdentity", 60.0 * 60.0 * 24.0 * 365.0 * 10.0, &error)?.takeUnretainedValue() {
    var certificateOpt: SecCertificate? = nil
    let status = SecIdentityCopyCertificate(identity, &certificateOpt)
    guard status == errSecSuccess, certificateOpt != nil else {
        Swift.print("SecIdentityCopyCertificate failed with OSStatus \(status)")
        return nil
    }
    // kCFStreamSSLCertificates expects the SecIdentity as its first element; any extra chain certificates follow it.
    let sslCertificates: [Any] = [identity]
    // Secure the socket
    let settings: [String: NSObject] = [
        kCFStreamSSLCertificates as String: sslCertificates as NSArray,
        kCFStreamSSLIsServer as String: NSNumber(value: true)
    ]
    socket.startTLS(settings)
}
else {
    Swift.print("Failed to get certificates for SSL: \(String(describing: error))")
    return nil
}
The code seems to work fine: a self-signed certificate is created and saved in the Keychain, and the secured communication over the socket also seems to work OK.
The problem is that during the SSL handshake (somewhere inside the SSLHandshake function) a Keychain prompt is shown, asking permission to use key "<key>" for signing. Looking in the Keychain, the "<key>" key seems to be some other key and not the one created by my program.
So why is the "<key>" key being used here, and how can I avoid the prompt being shown to the user?
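An added diagnostic helper (not code from the question, CocoaAsyncSocket or MYUtilities) that loads the identity stored under a given label directly from the Keychain and reports its certificate subject and private-key attributes, which is how to check which key the handshake will actually sign with. It assumes the identity was stored with kSecAttrLabel equal to the name passed to MYGetOrCreateAnonymousIdentity; the function name inspectServerIdentity is hypothetical.

```swift
import Foundation
import Security

// Hypothetical diagnostic helper: fetch the identity saved under `label` from the Keychain,
// report which certificate and private key it really holds, and build the startTLS settings.
// Assumes the identity was stored with kSecAttrLabel == label.
func inspectServerIdentity(label: String) -> [String: NSObject]? {
    let query: [String: Any] = [
        kSecClass as String: kSecClassIdentity,
        kSecAttrLabel as String: label,
        kSecReturnRef as String: true,
        kSecMatchLimit as String: kSecMatchLimitOne
    ]
    var item: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &item)
    guard status == errSecSuccess, let found = item else {
        print("No identity labelled \(label) in the Keychain (OSStatus \(status))")
        return nil
    }
    let identity = found as! SecIdentity   // kSecReturnRef on kSecClassIdentity yields a SecIdentity

    var certificate: SecCertificate?
    var privateKey: SecKey?
    guard SecIdentityCopyCertificate(identity, &certificate) == errSecSuccess,
          SecIdentityCopyPrivateKey(identity, &privateKey) == errSecSuccess,
          let cert = certificate, let key = privateKey else {
        print("Identity \(label) is missing its certificate or private key")
        return nil
    }
    // The subject summary shows which certificate this is...
    print("Certificate subject: \(SecCertificateCopySubjectSummary(cert) as String? ?? "?")")
    // ...and the key attributes identify the key the handshake signs with. kSecAttrApplicationLabel
    // is the public-key hash; kSecAttrLabel (when present) is the name Keychain Access displays,
    // which is what the permission prompt names.
    if let attrs = SecKeyCopyAttributes(key) as? [String: Any] {
        let name = attrs[kSecAttrLabel as String] ?? "(no label)"
        let type = attrs[kSecAttrKeyType as String] ?? "?"
        let bits = attrs[kSecAttrKeySizeInBits as String] ?? "?"
        let hash = (attrs[kSecAttrApplicationLabel as String] as? Data)?
            .map { String(format: "%02x", $0) }.joined() ?? "?"
        print("Private key \(name): type \(type), \(bits) bits, public key hash \(hash)")
    }
    // The identity must be the FIRST element of kCFStreamSSLCertificates; extra chain certs follow it.
    return [
        kCFStreamSSLCertificates as String: [identity] as NSArray,
        kCFStreamSSLIsServer as String: NSNumber(value: true)
    ]
}
```

Compare the printed key label and hash with the key named in the prompt and with the key shown under the certificate in Keychain Access; if they differ, the identity handed to startTLS is not the one the handshake ends up signing with.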