Fix for SecPolicyCreateSSL in Catalina and iOS 13 (Closes #798)

author: Joe George <joe@zeroc.com> 2020-04-17 11:38:39 -0400
committer: GitHub <noreply@github.com> 2020-04-17 11:38:39 -0400
commit: 5117dcde4a6a9f721e0b1a3bc9b5f9fb9112da0f (patch)
tree: 7ce16aef54c825c6ad3f025da822d309eda8e0aa
parent: Fixed SSL transceiver to no longer rely on BeginWrite/BeginRead, fixes #781 (diff)
download: ice-5117dcde4a6a9f721e0b1a3bc9b5f9fb9112da0f.tar.bz2
ice-5117dcde4a6a9f721e0b1a3bc9b5f9fb9112da0f.tar.xz
ice-5117dcde4a6a9f721e0b1a3bc9b5f9fb9112da0f.zip
2 files changed, 209 insertions, 36 deletions
diff --git a/CHANGELOG-3.7.md b/CHANGELOG-3.7.md
index 54072714167..5a16d94e5de 100644
--- a/CHANGELOG-3.7.md
+++ b/CHANGELOG-3.7.md
@@ -8,45 +8,218 @@ We recommend that you use the release notes as a guide for migrating your
 applications to this release, and the manual for complete details on a
 particular aspect of Ice.
 
+- [Changes in Ice 3.7.4](#changes-in-ice-374)
+   [General Changes](#general-changes)
+- [Changes in Ice 3.7.4](#changes-in-ice-374)
+  - [General Changes](#general-changes)
 - [Changes in Ice 3.7.3](#changes-in-ice-373)
-  * [General Changes](#general-changes)
-  * [C++ Changes](#c-changes)
-  * [C# Changes](#c-changes-1)
-  * [Java Changes](#java-changes)
-  * [JavaScript Changes](#javascript-changes)
-  * [MATLAB Changes](#matlab-changes)
-  * [Python Changes](#python-changes)
+  - [General Changes](#general-changes-1)
+  - [C++ Changes](#c-changes)
+  - [C# Changes](#c-changes-1)
+  - [Java Changes](#java-changes)
+  - [JavaScript Changes](#javascript-changes)
+  - [MATLAB Changes](#matlab-changes)
+  - [Python Changes](#python-changes)
 - [Changes in Ice 3.7.2](#changes-in-ice-372)
-  * [General Changes](#general-changes-1)
-  * [C++ Changes](#c-changes-2)
-  * [C# Changes](#c-changes-3)
-  * [Java Changes](#java-changes-1)
-  * [JavaScript Changes](#javascript-changes-1)
-  * [MATLAB Changes](#matlab-changes-1)
-  * [Objective-C Changes](#objective-c-changes)
-  * [PHP Changes](#php-changes)
-  * [Python Changes](#python-changes-1)
+  - [General Changes](#general-changes-2)
+  - [C++ Changes](#c-changes-2)
+  - [C# Changes](#c-changes-3)
+  - [Java Changes](#java-changes-1)
+  - [JavaScript Changes](#javascript-changes-1)
+  - [MATLAB Changes](#matlab-changes-1)
+  - [Objective-C Changes](#objective-c-changes)
+  - [PHP Changes](#php-changes)
+  - [Python Changes](#python-changes-1)
 - [Changes in Ice 3.7.1](#changes-in-ice-371)
-  * [General Changes](#general-changes-2)
-  * [C++ Changes](#c-changes-4)
-  * [C# Changes](#c-changes-5)
-  * [Java Changes](#java-changes-2)
-  * [JavaScript Changes](#javascript-changes-2)
-  * [MATLAB Changes](#matlab-changes-2)
-  * [Objective-C Changes](#objective-c-changes-1)
-  * [PHP Changes](#php-changes-1)
-  * [Python Changes](#python-changes-2)
-  * [Ruby Changes](#ruby-changes)
+  - [General Changes](#general-changes-3)
+  - [C++ Changes](#c-changes-4)
+  - [C# Changes](#c-changes-5)
+  - [Java Changes](#java-changes-2)
+  - [JavaScript Changes](#javascript-changes-2)
+  - [MATLAB Changes](#matlab-changes-2)
+  - [Objective-C Changes](#objective-c-changes-1)
+  - [PHP Changes](#php-changes-1)
+  - [Python Changes](#python-changes-2)
+  - [Ruby Changes](#ruby-changes)
 - [Changes in Ice 3.7.0](#changes-in-ice-370)
-  * [General Changes](#general-changes-3)
-  * [C++ Changes](#c-changes-6)
-  * [C# Changes](#c-changes-7)
-  * [Java Changes](#java-changes-3)
-  * [JavaScript Changes](#javascript-changes-3)
-  * [Objective-C Changes](#objective-c-changes-2)
-  * [PHP Changes](#php-changes-2)
-  * [Python Changes](#python-changes-3)
-  * [Ruby Changes](#ruby-changes-1)
+  - [General Changes](#general-changes-4)
+  - [C++ Changes](#c-changes-6)
+  - [C# Changes](#c-changes-7)
+  - [Java Changes](#java-changes-3)
+  - [JavaScript Changes](#javascript-changes-3)
+  - [Objective-C Changes](#objective-c-changes-2)
+  - [PHP Changes](#php-changes-2)
+  - [Python Changes](#python-changes-3)
+  - [Ruby Changes](#ruby-changes-1)
+   [General Changes](#general-changes-1)
+   [C++ Changes](#c-changes)
+   [C# Changes](#c-changes-1)
+   [Java Changes](#java-changes)
+   [JavaScript Changes](#javascript-changes)
+   [MATLAB Changes](#matlab-changes)
+   [Python Changes](#python-changes)
+- [Changes in Ice 3.7.4](#changes-in-ice-374)
+  - [General Changes](#general-changes)
+- [Changes in Ice 3.7.3](#changes-in-ice-373)
+  - [General Changes](#general-changes-1)
+  - [C++ Changes](#c-changes)
+  - [C# Changes](#c-changes-1)
+  - [Java Changes](#java-changes)
+  - [JavaScript Changes](#javascript-changes)
+  - [MATLAB Changes](#matlab-changes)
+  - [Python Changes](#python-changes)
+- [Changes in Ice 3.7.2](#changes-in-ice-372)
+  - [General Changes](#general-changes-2)
+  - [C++ Changes](#c-changes-2)
+  - [C# Changes](#c-changes-3)
+  - [Java Changes](#java-changes-1)
+  - [JavaScript Changes](#javascript-changes-1)
+  - [MATLAB Changes](#matlab-changes-1)
+  - [Objective-C Changes](#objective-c-changes)
+  - [PHP Changes](#php-changes)
+  - [Python Changes](#python-changes-1)
+- [Changes in Ice 3.7.1](#changes-in-ice-371)
+  - [General Changes](#general-changes-3)
+  - [C++ Changes](#c-changes-4)
+  - [C# Changes](#c-changes-5)
+  - [Java Changes](#java-changes-2)
+  - [JavaScript Changes](#javascript-changes-2)
+  - [MATLAB Changes](#matlab-changes-2)
+  - [Objective-C Changes](#objective-c-changes-1)
+  - [PHP Changes](#php-changes-1)
+  - [Python Changes](#python-changes-2)
+  - [Ruby Changes](#ruby-changes)
+- [Changes in Ice 3.7.0](#changes-in-ice-370)
+  - [General Changes](#general-changes-4)
+  - [C++ Changes](#c-changes-6)
+  - [C# Changes](#c-changes-7)
+  - [Java Changes](#java-changes-3)
+  - [JavaScript Changes](#javascript-changes-3)
+  - [Objective-C Changes](#objective-c-changes-2)
+  - [PHP Changes](#php-changes-2)
+  - [Python Changes](#python-changes-3)
+  - [Ruby Changes](#ruby-changes-1)
+   [General Changes](#general-changes-2)
+   [C++ Changes](#c-changes-2)
+   [C# Changes](#c-changes-3)
+   [Java Changes](#java-changes-1)
+   [JavaScript Changes](#javascript-changes-1)
+   [MATLAB Changes](#matlab-changes-1)
+   [Objective-C Changes](#objective-c-changes)
+   [PHP Changes](#php-changes)
+   [Python Changes](#python-changes-1)
+- [Changes in Ice 3.7.4](#changes-in-ice-374)
+  - [General Changes](#general-changes)
+- [Changes in Ice 3.7.3](#changes-in-ice-373)
+  - [General Changes](#general-changes-1)
+  - [C++ Changes](#c-changes)
+  - [C# Changes](#c-changes-1)
+  - [Java Changes](#java-changes)
+  - [JavaScript Changes](#javascript-changes)
+  - [MATLAB Changes](#matlab-changes)
+  - [Python Changes](#python-changes)
+- [Changes in Ice 3.7.2](#changes-in-ice-372)
+  - [General Changes](#general-changes-2)
+  - [C++ Changes](#c-changes-2)
+  - [C# Changes](#c-changes-3)
+  - [Java Changes](#java-changes-1)
+  - [JavaScript Changes](#javascript-changes-1)
+  - [MATLAB Changes](#matlab-changes-1)
+  - [Objective-C Changes](#objective-c-changes)
+  - [PHP Changes](#php-changes)
+  - [Python Changes](#python-changes-1)
+- [Changes in Ice 3.7.1](#changes-in-ice-371)
+  - [General Changes](#general-changes-3)
+  - [C++ Changes](#c-changes-4)
+  - [C# Changes](#c-changes-5)
+  - [Java Changes](#java-changes-2)
+  - [JavaScript Changes](#javascript-changes-2)
+  - [MATLAB Changes](#matlab-changes-2)
+  - [Objective-C Changes](#objective-c-changes-1)
+  - [PHP Changes](#php-changes-1)
+  - [Python Changes](#python-changes-2)
+  - [Ruby Changes](#ruby-changes)
+- [Changes in Ice 3.7.0](#changes-in-ice-370)
+  - [General Changes](#general-changes-4)
+  - [C++ Changes](#c-changes-6)
+  - [C# Changes](#c-changes-7)
+  - [Java Changes](#java-changes-3)
+  - [JavaScript Changes](#javascript-changes-3)
+  - [Objective-C Changes](#objective-c-changes-2)
+  - [PHP Changes](#php-changes-2)
+  - [Python Changes](#python-changes-3)
+  - [Ruby Changes](#ruby-changes-1)
+   [General Changes](#general-changes-3)
+   [C++ Changes](#c-changes-4)
+   [C# Changes](#c-changes-5)
+   [Java Changes](#java-changes-2)
+   [JavaScript Changes](#javascript-changes-2)
+   [MATLAB Changes](#matlab-changes-2)
+   [Objective-C Changes](#objective-c-changes-1)
+   [PHP Changes](#php-changes-1)
+   [Python Changes](#python-changes-2)
+   [Ruby Changes](#ruby-changes)
+- [Changes in Ice 3.7.4](#changes-in-ice-374)
+  - [General Changes](#general-changes)
+- [Changes in Ice 3.7.3](#changes-in-ice-373)
+  - [General Changes](#general-changes-1)
+  - [C++ Changes](#c-changes)
+  - [C# Changes](#c-changes-1)
+  - [Java Changes](#java-changes)
+  - [JavaScript Changes](#javascript-changes)
+  - [MATLAB Changes](#matlab-changes)
+  - [Python Changes](#python-changes)
+- [Changes in Ice 3.7.2](#changes-in-ice-372)
+  - [General Changes](#general-changes-2)
+  - [C++ Changes](#c-changes-2)
+  - [C# Changes](#c-changes-3)
+  - [Java Changes](#java-changes-1)
+  - [JavaScript Changes](#javascript-changes-1)
+  - [MATLAB Changes](#matlab-changes-1)
+  - [Objective-C Changes](#objective-c-changes)
+  - [PHP Changes](#php-changes)
+  - [Python Changes](#python-changes-1)
+- [Changes in Ice 3.7.1](#changes-in-ice-371)
+  - [General Changes](#general-changes-3)
+  - [C++ Changes](#c-changes-4)
+  - [C# Changes](#c-changes-5)
+  - [Java Changes](#java-changes-2)
+  - [JavaScript Changes](#javascript-changes-2)
+  - [MATLAB Changes](#matlab-changes-2)
+  - [Objective-C Changes](#objective-c-changes-1)
+  - [PHP Changes](#php-changes-1)
+  - [Python Changes](#python-changes-2)
+  - [Ruby Changes](#ruby-changes)
+- [Changes in Ice 3.7.0](#changes-in-ice-370)
+  - [General Changes](#general-changes-4)
+  - [C++ Changes](#c-changes-6)
+  - [C# Changes](#c-changes-7)
+  - [Java Changes](#java-changes-3)
+  - [JavaScript Changes](#javascript-changes-3)
+  - [Objective-C Changes](#objective-c-changes-2)
+  - [PHP Changes](#php-changes-2)
+  - [Python Changes](#python-changes-3)
+  - [Ruby Changes](#ruby-changes-1)
+   [General Changes](#general-changes-4)
+   [C++ Changes](#c-changes-6)
+   [C# Changes](#c-changes-7)
+   [Java Changes](#java-changes-3)
+   [JavaScript Changes](#javascript-changes-3)
+   [Objective-C Changes](#objective-c-changes-2)
+   [PHP Changes](#php-changes-2)
+   [Python Changes](#python-changes-3)
+   [Ruby Changes](#ruby-changes-1)
+
+# Changes in Ice 3.7.4
+
+These are the changes since Ice 3.7.3.
+
+## General Changes
+
+- Fixed bug that would cause certificate verification failure on macOS Catalina
+  and iOS 13 when using SecureTransport and with `IceSSL.CheckCertName` property
+  is set to a value greater than `0`. This only affects certificates generated
+  after July 1, 2019.
 
 # Changes in Ice 3.7.3
 
diff --git a/cpp/src/IceSSL/SecureTransportTransceiverI.cpp b/cpp/src/IceSSL/SecureTransportTransceiverI.cpp
index a52067b962d..baca671a89b 100644
--- a/cpp/src/IceSSL/SecureTransportTransceiverI.cpp
+++ b/cpp/src/IceSSL/SecureTransportTransceiverI.cpp
@@ -121,7 +121,7 @@ checkTrustResult(SecTrustRef trust,
         if(engine->getCheckCertName() && !host.empty())
         {
             UniqueRef<CFStringRef> hostref(toCFString(host));
-            UniqueRef<SecPolicyRef> policy(SecPolicyCreateSSL(false, hostref.get()));
+            UniqueRef<SecPolicyRef> policy(SecPolicyCreateSSL(true, hostref.get()));
             UniqueRef<CFArrayRef> policies;
             if((err = SecTrustCopyPolicies(trust, &policies.get())))
             {
author	Joe George <joe@zeroc.com>	2020-04-17 11:38:39 -0400
committer	GitHub <noreply@github.com>	2020-04-17 11:38:39 -0400
commit	5117dcde4a6a9f721e0b1a3bc9b5f9fb9112da0f (patch)
tree	7ce16aef54c825c6ad3f025da822d309eda8e0aa
parent	Fixed SSL transceiver to no longer rely on BeginWrite/BeginRead, fixes #781 (diff)
download	ice-5117dcde4a6a9f721e0b1a3bc9b5f9fb9112da0f.tar.bz2 ice-5117dcde4a6a9f721e0b1a3bc9b5f9fb9112da0f.tar.xz ice-5117dcde4a6a9f721e0b1a3bc9b5f9fb9112da0f.zip