Does not work with macOS in Terminal
After digging through the code and documentation, I learned that SSLService.Configuration(withChainFilePath ... is the only supported method on macOS. This wasn't clear to me from the README, but this PKCS12 method is also not working for me.
When I try to connect, it gives me an error:
Error code: 2(0x2), ERROR: Could not load content of PKCS12 file
Here is my code:
    let config = SSLService.Configuration(withChainFilePath: "cert/cert.pfx",
                                          withPassword: "password",
                                          usingSelfSignedCerts: true)
    socket.delegate = try SSLService(usingConfiguration: config)
    try socket.connect(to: "https://----", port: XXXX)
I thought it could've been my certificate, so I've also tried generating a PKCS12 file by following this blog post, but it gave me the same error: https://developer.ibm.com/swift/2016/09/22/securing-kitura-part-1-enabling-ssltls-on-your-swift-server/
This looks like the certificate you're looking to load is not being found on the path provided. Try passing in a complete, fully qualified pathname. I ran some tests here and all seems to be working; however, I was able to reproduce the error when I changed the path to a different place. Let me know how you make out.
In that case it will throw a "Certificate chain doesn't exist at specified path" error instead.
I tried with a full path and I get the same error.
Actually, I just ran it in Xcode and it works. It doesn't work when the program is run directly from the shell, which is what I need. The error seems to be similar to this one: https://github.com/IBM-Swift/BlueSSLService/issues/32
Do you know anything about Keychain Access usage when running this from the terminal? I've noticed that when I run it in Xcode, it gives me a popup that asks for access to Keychain. Not sure how this will work standalone...
The difference between running it on the terminal and in Xcode primarily has to do with the path. I suggest that you use the fully qualified pathname of the certificate. Then execute the following commands from the terminal:
    security unlock-keychain
    security import <full path of certificate> -f pkcs12 -P <password for certificate> -T <full path of the application>
Let me know how you make out...
Thanks for getting back. Yes, I'm using the full path. I tried the above commands but it didn't work. I need to run this program as sudo and that might be causing some problems too. I've also run the above commands with sudo as well.
Are you still having this problem? Thanks.
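Added example, not part of the original thread and not BlueSSLService code: a small stand-alone check that separates "file cannot be read" from "the Security framework refuses the PKCS12 import", so the same binary can be compared when run from Xcode, from a shell, and under sudo. It assumes the failure is in `SecPKCS12Import` rather than in path handling; the file name `p12check.swift` is hypothetical.

```swift
// Added diagnostic example; not BlueSSLService or thread code.
// Build: swiftc p12check.swift -o p12check   (file name is hypothetical)
// Run:   ./p12check /full/path/to/cert.pfx   (then again under sudo)
import Foundation
import Security

enum P12Result {
    case unreadable                       // missing, or not readable by this user
    case importFailed(OSStatus, String)   // Security framework rejected the import
    case imported(identities: Int)        // certificate + private key pairs found
}

func checkPKCS12(atPath path: String, password: String) -> P12Result {
    guard let data = FileManager.default.contents(atPath: path) else {
        return .unreadable
    }
    let options = [kSecImportExportPassphrase as String: password] as CFDictionary
    var items: CFArray?
    let status = SecPKCS12Import(data as CFData, options, &items)
    guard status == errSecSuccess else {
        let text = SecCopyErrorMessageString(status, nil) as String? ?? "no description"
        return .importFailed(status, text)
    }
    let entries = items as? [[String: Any]] ?? []
    let identities = entries.filter { $0[kSecImportItemIdentity as String] != nil }.count
    return .imported(identities: identities)
}

guard CommandLine.arguments.count == 2 else {
    print("usage: p12check <full path to PKCS12 file>")
    exit(64)
}
// Prompt without echo so the password stays out of shell history and `ps`.
let password = String(cString: getpass("PKCS12 password: "))

// Print the user and HOME the process runs with; these differ between an
// Xcode run, a plain shell and sudo.
let home = ProcessInfo.processInfo.environment["HOME"] ?? "(unset)"
print("uid=\(getuid()) euid=\(geteuid()) HOME=\(home)")

switch checkPKCS12(atPath: CommandLine.arguments[1], password: password) {
case .unreadable:
    print("file cannot be read by this user: check the path and permissions")
case .importFailed(let status, let text):
    print("SecPKCS12Import failed: OSStatus \(status) (\(text))")
case .imported(let n):
    print("import succeeded, identities found: \(n)")
}
```

If the import succeeds as the normal user but fails under sudo with the same file and password, the difference lies in the execution context rather than in the certificate.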