BlueSSLService icon indicating copy to clipboard operation
BlueSSLService copied to clipboard
verified publisher icon Kitura

Does not work with macOS in Terminal

Open alexisoyama opened this issue 7 years ago • 6 comments

After digging through the code and documentation, I learned that SSLService.Configuration(withChainFilePath ... is the only supported method on macOS. This wasn't clear to me from the README, but this PKCS12 method is also not working for me.

When I try to connect, it gives me an error: Error code: 2(0x2), ERROR: Could not load content of PKCS12 file

Here is my code:

let config = SSLService.Configuration(withChainFilePath: "cert/cert.pfx",
                                  withPassword: "password",
                                  usingSelfSignedCerts: true)
socket.delegate = try SSLService(usingConfiguration: config)
try socket.connect(to: "https://----", port: XXXX)

I thought it could've been my certificate so I've also tried generating PKCS12 from following this blog but gave me the same error https://developer.ibm.com/swift/2016/09/22/securing-kitura-part-1-enabling-ssltls-on-your-swift-server/

alexisoyama avatar Aug 20 '18 23:08 alexisoyama

This looks like the certificate you're looking to load is not being found on the path provided. Try passing in a complete fully qualified pathname. I ran some tests here and all seems to be working however, I was able to reproduce the error when I changed the path to a different place. Let me know how you make out.

billabt avatar Aug 21 '18 12:08 billabt

In that case it will throw Certificate chain doesn't exist at specified path error instead. I tried with a full path and I get a same error.

alexisoyama avatar Aug 21 '18 16:08 alexisoyama

Actually I just ran it on Xcode and it works. It doesn't work when the program is ran directly from the shell, which is what I need. The error seems to be similar to this one: https://github.com/IBM-Swift/BlueSSLService/issues/32

Do you know anything about Keychain Access usage when running this from the terminal? I've noticed that when I run it in Xcode, it gives me a popup that asks for access to Keychain. Not sure how this will work standalone..

alexisoyama avatar Aug 21 '18 16:08 alexisoyama

The difference between running it on the terminal and in Xcode primarily has to do with the path. I suggest that you use the fully qualified pathname of the certificate. Then execute the following commands from the terminal:

security unlock-keychain
security import <full path of certificate> -f pkcs12 -P <password for certificate> -T <full path of the application>

Let me know how you make out...

billabt avatar Aug 23 '18 14:08 billabt

Thanks for getting back. Yes I'm using the full path. I tried the above commands but it didn't work. I need to run this program as sudo and that might be causing some problems too. I've also ran the above commands with sudo as well.

alexisoyama avatar Aug 27 '18 20:08 alexisoyama

Are you still having this problem? Thanks.

billabt avatar Oct 16 '18 14:10 billabt