[CDRIVER-2850] ENABLE_SSL=DARWIN not working on iOS
Created: 10/Oct/18
Updated: 18/Sep/23

Status: Backlog
Project: C Driver
Component/s: None
Affects Version/s: 1.13.0
Fix Version/s: None

Type: Bug
Priority: Major - P3
Reporter: Henrik Edin
Assignee: Unassigned
Resolution: Unresolved
Votes: 3
Labels: rb-track
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment: iOS

Issue Links:
Related
is related to CDRIVER-2885 Topology scanner's SSL handshake is b... Backlog

 Description   

When trying to build for iOS with Darwin as SSL provider:

-DCMAKE_OSX_SYSROOT="$(xcrun --sdk iphoneos --show-sdk-path)"
-DCMAKE_OSX_ARCHITECTURES=arm64
-DENABLE_APPLE_FRAMEWORK=ON
-DENABLE_SSL=DARWIN
-DENABLE_SASL=OFF

You get compile errors such as:

 In file included from /data/mci/97cd3098a9faafefb11055b5df5e3537/mongo-c-driver/src/libmongoc/src/mongoc/mongoc-stream-tls.c:38:
 In file included from /data/mci/97cd3098a9faafefb11055b5df5e3537/mongo-c-driver/src/libmongoc/src/mongoc/mongoc-secure-transport-private.h:27:
 /data/mci/97cd3098a9faafefb11055b5df5e3537/mongo-c-driver/src/libmongoc/src/mongoc/mongoc-stream-tls-secure-transport-private.h:38:4: error: unknown type name 'SSLContextRef'
    SSLContextRef ssl_ctx_ref;
    ^
 In file included from /data/mci/97cd3098a9faafefb11055b5df5e3537/mongo-c-driver/src/libmongoc/src/mongoc/mongoc-stream-tls.c:38:
 /data/mci/97cd3098a9faafefb11055b5df5e3537/mongo-c-driver/src/libmongoc/src/mongoc/mongoc-secure-transport-private.h:41:32: error: unknown type name 'SSLConnectionRef'
 mongoc_secure_transport_write (SSLConnectionRef connection,
                                ^
 /data/mci/97cd3098a9faafefb11055b5df5e3537/mongo-c-driver/src/libmongoc/src/mongoc/mongoc-secure-transport-private.h:45:31: error: unknown type name 'SSLConnectionRef'
 mongoc_secure_transport_read (SSLConnectionRef connection,
                               ^
 3 errors generated.
 make[2]: *** [src/libmongoc/CMakeFiles/mongoc_shared.dir/src/mongoc/mongoc-stream-tls.c.o] Error 1
 make[1]: *** [src/libmongoc/CMakeFiles/mongoc_shared.dir/all] Error 2

Which can be fixed by correcting the includes, but then you get compile errors like these instead:

/Users/henrikedin/mongo-c-driver/src/libmongoc/src/mongoc/mongoc-secure-transport.c:114:48: error: use of undeclared identifier 'kSecPropertyKeyLabel'; did you mean
      'kSecImportItemLabel'?
      item_label = CFDictionaryGetValue (item, kSecPropertyKeyLabel);
                                               ^~~~~~~~~~~~~~~~~~~~
                                               kSecImportItemLabel
/Users/henrikedin/Downloads/Xcode.app/Contents/Developer/Platforms/iPhoneSimulator.platform/Developer/SDKs/iPhoneSimulator11.4.sdk/System/Library/Frameworks/Security.framework/Headers/SecImportExport.h:676:26: note:
      'kSecImportItemLabel' declared here
extern const CFStringRef kSecImportItemLabel
                         ^
/Users/henrikedin/mongo-c-driver/src/libmongoc/src/mongoc/mongoc-secure-transport.c:117:45: error: use of undeclared identifier 'kSecPropertyKeyValue'; did you mean
      'kSecPropertyTypeTitle'?
         return CFDictionaryGetValue (item, kSecPropertyKeyValue);
                                            ^~~~~~~~~~~~~~~~~~~~
                                            kSecPropertyTypeTitle
/Users/henrikedin/Downloads/Xcode.app/Contents/Developer/Platforms/iPhoneSimulator.platform/Developer/SDKs/iPhoneSimulator11.4.sdk/System/Library/Frameworks/Security.framework/Headers/SecTrust.h:110:26: note:
      'kSecPropertyTypeTitle' declared here
extern const CFStringRef kSecPropertyTypeTitle
                         ^
/Users/henrikedin/mongo-c-driver/src/libmongoc/src/mongoc/mongoc-secure-transport.c:132:16: error: implicit declaration of function 'SecCertificateCopyValues' is invalid      in C99 [-Werror,-Wimplicit-function-declaration]
   cert_dict = SecCertificateCopyValues (cert, NULL, NULL);
               ^
/Users/henrikedin/mongo-c-driver/src/libmongoc/src/mongoc/mongoc-secure-transport.c:132:16: note: did you mean 'SecCertificateCopyData'?
/Users/henrikedin/Downloads/Xcode.app/Contents/Developer/Platforms/iPhoneSimulator.platform/Developer/SDKs/iPhoneSimulator11.4.sdk/System/Library/Frameworks/Security.framework/Headers/SecCertificate.h:86:11: note:
      'SecCertificateCopyData' declared here
CFDataRef SecCertificateCopyData(SecCertificateRef certificate)
          ^
/Users/henrikedin/mongo-c-driver/src/libmongoc/src/mongoc/mongoc-secure-transport.c:132:14: warning: incompatible integer to pointer conversion assigning to
      'CFDictionaryRef' (aka 'const struct __CFDictionary *') from 'int' [-Wint-conversion]
   cert_dict = SecCertificateCopyValues (cert, NULL, NULL);
             ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/Users/henrikedin/mongo-c-driver/src/libmongoc/src/mongoc/mongoc-secure-transport.c:137:52: error: use of undeclared identifier 'kSecOIDX509V1SubjectName'
   subject_name = CFDictionaryGetValue (cert_dict, kSecOIDX509V1SubjectName);
                                                   ^
/Users/henrikedin/mongo-c-driver/src/libmongoc/src/mongoc/mongoc-secure-transport.c:143:55: error: use of undeclared identifier 'kSecPropertyKeyValue'; did you mean
      'kSecPropertyTypeTitle'?
   subject_name = CFDictionaryGetValue (subject_name, kSecPropertyKeyValue);
                                                      ^~~~~~~~~~~~~~~~~~~~
                                                      kSecPropertyTypeTitle
/Users/henrikedin/Downloads/Xcode.app/Contents/Developer/Platforms/iPhoneSimulator.platform/Developer/SDKs/iPhoneSimulator11.4.sdk/System/Library/Frameworks/Security.framework/Headers/SecTrust.h:110:26: note:
      'kSecPropertyTypeTitle' declared here
extern const CFStringRef kSecPropertyTypeTitle
                         ^
/Users/henrikedin/mongo-c-driver/src/libmongoc/src/mongoc/mongoc-secure-transport.c:152:61: error: use of undeclared identifier 'kSecOIDCountryName'
   value = _mongoc_secure_transport_dict_get (subject_name, kSecOIDCountryName);
                                                            ^
/Users/henrikedin/mongo-c-driver/src/libmongoc/src/mongoc/mongoc-secure-transport.c:156:47: error: use of undeclared identifier 'kSecOIDStateProvinceName'
                                              kSecOIDStateProvinceName);
                                              ^
/Users/henrikedin/mongo-c-driver/src/libmongoc/src/mongoc/mongoc-secure-transport.c:160:56: error: use of undeclared identifier 'kSecOIDLocalityName'; did you mean
      'kSecPolicyName'?
      _mongoc_secure_transport_dict_get (subject_name, kSecOIDLocalityName);
                                                       ^~~~~~~~~~~~~~~~~~~
                                                       kSecPolicyName
/Users/henrikedin/Downloads/Xcode.app/Contents/Developer/Platforms/iPhoneSimulator.platform/Developer/SDKs/iPhoneSimulator11.4.sdk/System/Library/Frameworks/Security.framework/Headers/SecPolicy.h:128:26: note:
      'kSecPolicyName' declared here
extern const CFStringRef kSecPolicyName
                         ^
/Users/henrikedin/mongo-c-driver/src/libmongoc/src/mongoc/mongoc-secure-transport.c:164:56: error: use of undeclared identifier 'kSecOIDOrganizationName'; did you mean
      'kSecTrustOrganizationName'?
      _mongoc_secure_transport_dict_get (subject_name, kSecOIDOrganizationName);
                                                       ^~~~~~~~~~~~~~~~~~~~~~~
                                                       kSecTrustOrganizationName
/Users/henrikedin/Downloads/Xcode.app/Contents/Developer/Platforms/iPhoneSimulator.platform/Developer/SDKs/iPhoneSimulator11.4.sdk/System/Library/Frameworks/Security.framework/Headers/SecTrust.h:160:26: note:
      'kSecTrustOrganizationName' declared here
extern const CFStringRef kSecTrustOrganizationName
                         ^
/Users/henrikedin/mongo-c-driver/src/libmongoc/src/mongoc/mongoc-secure-transport.c:168:47: error: use of undeclared identifier 'kSecOIDOrganizationalUnitName'
                                              kSecOIDOrganizationalUnitName);
                                              ^
/Users/henrikedin/mongo-c-driver/src/libmongoc/src/mongoc/mongoc-secure-transport.c:191:61: error: use of undeclared identifier 'kSecOIDCommonName'
   value = _mongoc_secure_transport_dict_get (subject_name, kSecOIDCommonName);
                                                            ^
/Users/henrikedin/mongo-c-driver/src/libmongoc/src/mongoc/mongoc-secure-transport.c:195:56: error: use of undeclared identifier 'kSecOIDStreetAddress'
      _mongoc_secure_transport_dict_get (subject_name, kSecOIDStreetAddress);
                                                       ^
/Users/henrikedin/mongo-c-driver/src/libmongoc/src/mongoc/mongoc-secure-transport.c:206:38: error: unknown type name 'SecExternalItemType'
                                     SecExternalItemType *type)
                                     ^
/Users/henrikedin/mongo-c-driver/src/libmongoc/src/mongoc/mongoc-secure-transport.c:208:4: error: use of undeclared identifier 'SecExternalFormat'
   SecExternalFormat format = kSecFormatPEMSequence;
   ^
/Users/henrikedin/mongo-c-driver/src/libmongoc/src/mongoc/mongoc-secure-transport.c:209:4: error: use of undeclared identifier 'SecItemImportExportKeyParameters'
   SecItemImportExportKeyParameters params;
   ^
/Users/henrikedin/mongo-c-driver/src/libmongoc/src/mongoc/mongoc-secure-transport.c:210:4: error: unknown type name 'SecTransformRef'; did you mean 'SecRandomRef'?
   SecTransformRef sec_transform;
   ^~~~~~~~~~~~~~~
   SecRandomRef
/Users/henrikedin/Downloads/Xcode.app/Contents/Developer/Platforms/iPhoneSimulator.platform/Developer/SDKs/iPhoneSimulator11.4.sdk/System/Library/Frameworks/Security.framework/Headers/SecRandom.h:46:36: note:
      'SecRandomRef' declared here
typedef const struct __SecRandom * SecRandomRef;
                                   ^
/Users/henrikedin/mongo-c-driver/src/libmongoc/src/mongoc/mongoc-secure-transport.c:223:4: error: use of undeclared identifier 'params'
   params.version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION;
   ^
/Users/henrikedin/mongo-c-driver/src/libmongoc/src/mongoc/mongoc-secure-transport.c:223:21: error: use of undeclared identifier 'SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION'
   params.version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION;
                    ^
/Users/henrikedin/mongo-c-driver/src/libmongoc/src/mongoc/mongoc-secure-transport.c:224:4: error: use of undeclared identifier 'params'
   params.flags = 0;
   ^
fatal error: too many errors emitted, stopping now [-ferror-limit=]

Due to the fact that the Security framework is lacking features on iOS compared to OSX.

By looking at the code they all seem to have to do with extraction of data from certificates.

Would it be possible to add a flag that disables X509 (or what this code is used for) while still allowing for SSL to be enabled?

As a result of this, the C Driver we're building for embedded has SSL disabled and is therefore not usable for anything other than communicating with the local instance.



 Comments   
Comment by Kevin Albertson [ 15/Nov/18 ]

Per recent discussion, we can conditionally compile support for loading custom CA/PEM files, and return an error at runtime for iOS. Note, until CDRIVER-2885 is resolved, enabling SSL in iOS will still have a blocking handshake.
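
The approach in the comment above (compile the custom CA/PEM loading conditionally and return a runtime error on iOS), shown as an added example that is not the driver's own code. The `example_*` names, the option struct and the `EXAMPLE_HAVE_PEM_IMPORT` macro are assumptions; `TARGET_OS_IPHONE` comes from Apple's `TargetConditionals.h`.

```c
#include <stdbool.h>
#include <stdio.h>

#if defined(__APPLE__)
#include <TargetConditionals.h> /* defines TARGET_OS_IPHONE on Apple SDKs */
#endif

/* Hypothetical feature macro: 0 on iOS-family targets, where the build log
 * above shows the certificate import/inspection calls are unavailable. */
#if defined(TARGET_OS_IPHONE) && TARGET_OS_IPHONE
#define EXAMPLE_HAVE_PEM_IMPORT 0
#else
#define EXAMPLE_HAVE_PEM_IMPORT 1
#endif

/* Hypothetical option struct; the field names are assumptions. */
typedef struct {
   const char *ca_file;  /* custom CA bundle path, or NULL */
   const char *pem_file; /* client certificate/key path, or NULL */
} example_tls_opts_t;

/* Returns true if every requested option can be honoured on a build with the
 * given capability. Fails closed: an option that cannot be applied is
 * reported as an error, never silently dropped. */
bool
example_tls_opts_check (const example_tls_opts_t *opts, bool have_pem_import,
                        char *err, size_t errlen)
{
   const char *bad = NULL;

   if (!have_pem_import) {
      bad = opts->ca_file ? "ca_file" : (opts->pem_file ? "pem_file" : NULL);
   }
   if (bad) {
      snprintf (err, errlen, "%s is not supported on this platform", bad);
      return false;
   }
   if (errlen > 0) {
      err[0] = '\0';
   }
   return true;
}

/* Entry point a real build would call: capability fixed at compile time. */
bool
example_tls_opts_check_build (const example_tls_opts_t *opts, char *err,
                              size_t errlen)
{
   return example_tls_opts_check (opts, EXAMPLE_HAVE_PEM_IMPORT != 0, err, errlen);
}
```

Rejecting the option up front matters because a caller who supplies a custom CA expects connections to be validated against it; ignoring the setting would fall back to a different trust decision without telling them.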

Comment by Andrew Morrow (Inactive) [ 13/Nov/18 ]

Re-opening per https://github.com/mongodb/mongo-swift-driver/issues/141

Comment by Kevin Albertson [ 01/Nov/18 ]

Closing this since there's no clear need for this now. If we do provide a cocoapod, we can provide it without TLS. If we need to in the future we can re-open this ticket.
