We define an event handler for OpenURL NSAppleEventManager *appleEventManager = [NSAppleEventManager sharedAppleEventManager]; [appleEventManager setEventHandler:self andSelector:@selector(handleGetURLEvent:withReplyEvent:) forEventClass:kInternetEventClass andEventID:kAEGetURL]; And we handle it here: (void)handleGetURLEvent:(NSAppleEventDescriptor *)event            withReplyEvent:(NSAppleEventDescriptor *)replyEvent { // Handler type stuff } If I'm debugging in Xcode, I see a SIGCONT before the handler is called. When I continue from the SIGCONT, I enter the handler and everything is fine. This causes automated tests to break, and is generally a pain in the you-know-where. Outside of Xcode it's fine. How can I make it stop doing this? Is there some Xcode setting I've overlooked?

We have an SSL VPN app. (NEPacketTunnelProvider)Per-app VPN with certificate authentication works when the device is enrolled with Device Enrollment. When the MDM uses User Enrollment the certificate isn't found in the keychain.- The certificate appears in the Management Profile details on the iOS device.- There is an identityReference in the VPN configuration profile.- The profile is correctly associated with the provider, and when the app starts the VPN extension starts and attemps authentication.- SecItemCopyMatching finds nothing in the keychain.Any ideas on this? Kevin

We've been using remote push notifications from a gateway to allow us to provide auth information. In some cases there's no sound to tell the user that a notification has arrived. In our code we specify UNAuthorizationOptionSounds, and the notification settings on the devices are set to allow notifications and sounds for the application. The client code hasn't changed in a couple of years, so I'm wondering whether something might have happened from the sending side. That's not my strongest area though. Does anyone know whether there could have been a change in the call generating the push notification which cut off the sound, and where I would look for documentation on that?

I'm trying to make sure that we're using the most up-to-date networking code on Apple platforms, and generally moving away from BSD sockets. This is fine for HTTP get <-> response exchanges (URLSession), and for TCP,TLS,UDP,DTLS etc. connections (NWConnection variants). I see nothing other than sockets for handling ICMP though. Is this true, or is there some API which I've missed that would let me deal with ICMP without using BSD sockets?

I've been looking at adding includeAllNetworks to our Network Extension VPN (Packet Tunnel Provider). We do some authentication in the app and then start the VPN. All connections in the VPN extension are done by IP address, so there is no name resolution required. The connection setup in the VPN extension involves some HTTP GETS &amp;amp; responses. I'm seeing a couple of problems. It looks like includeAllNetworks has to be set on the VPN configuration when it's defined. Is that correct? When I try setting it at other points, either in the NEPacketTunnelProvider protocolConfiguration or in the NEVPNManager protocol configuration it has no effect. The protocol itself appears to be inaccessible. When I set it in the NEVPNManager's protocolConfiguration before I start the connection it shows includeAllNetworks as set, but when I start the connection the nesessionmanager debug output shows that it's not set in the protocol and it's not in effect. Is there any way to set this on-the-fly? In our particular VPN interaction the Gateway tells the VPN client whether it wants the client to use includeAllNetworks, so we can't just hard-code it. When I do set this in the VPN configuration I can't reach the Gateway. I see that the nesessionmanager shows it as set, but the initial URLSession call gets a .cfurlErrorNotConnectedToInternet result in didCompleteWithError. I've verified that the URI specifies an IP address, not as a hostname, so for example https://10.0.1.10/someapi There is no network traffic after I start the connection until the connection fails, and transitions from Connecting to Disconnecting. (well, except for things like MDNS and a couple of others that aren't blocked by the setting) Since I'm connecting by IP address I'd expect that this would work. In the console I see default 13:42:57.476293-0700 VPNExtension [C10 Hostname#0a01000a:443 failed path (unsatisfied (Path was denied by NECP policy), interface: en0, ipv4)] event: null:null @4.222s I haven't seen any good examples of VPN setup with the new flags, and the documentation is frustratingly vague. Are there any good resources for this? Kevin

Hi! I've been looking into using fuzzing to test some of the things I'm working on.It looks like libFuzzer is included in the Swift developer snapshot, but not in the official release, and it doesn't look like the version of the compiler used by Xcode has the libFuzzer code available.The compiler does understand the complier flags for turning on fuzzing, but ends up with unresolved symbols--and the library's not in the tree that I've beenn able to find...___sanitizer_cov_8bit_counters_init", referenced from: _sancov.module_ctor in main.o ___sanitizer_cov_pcs_init", referenced from: _sancov.module_ctor in main.oHas anyone been working with fuzzing tools + XCTest? Fuzzing Objective-C code? Fuzzing Swift code?Any recommendations for tools that you've used which perform well? Preferably ones that are relatively mature, but given the apparent dearth of options I might need to waive that part...

I'm using a URLSession, and want to be able to identify the case when I have a bad client certificate. When I get a call to func urlSession(_ session:didReceive challenge:completionHandler) and send a bad certificate in response to the client cert challenge, I would expect an error of .cfurlErrorClientCertificateRejected In func urlSession(_ session: task:didCompleteWithError error:)  What I'm seeing instead is the generic .cfurlErrorSecureConnectionFailed When I was using the SSL APIs directly I was getting back errSSLPeerUnknownCA or errSSLPeerBadCert Which makes it clear where the problem lies. Is there a way to see that it was specifically a problem with the client certificate using the URLSession delegates?

We have a Network Extension app (packet_tunnel), and the development profile has multiple hardware IDs, certs etc. If I build the app on one system and try to run it on a different macOS system which is in the profile I get an initial Gatekeeper error (as expected). I then approve the app to run anyway. It runs, and when I connect to a VPN from that system the VPN extension is loaded, but then exits without calling the entry point. My understanding is that signature verification is done *before* the binary is loaded, so if I'm seeing code in VPN extension writing to a log file, I know the signing as been checked & passed. The class initializer for PacketTunnelProvider runs. There's log output from the class initializer, so we know that the VPN extension has been loaded successfully The entry point (startTunnelWithOptions:completionHandler:) is never called The VPN extension exits There's no crash log On some systems it works fine, and the VPN is fine We initially thought it was a signing problem, but since the binary is loading and running that's really looking like a red herring at the moment.

In our Network Extension we're trying to use URLSession for setting up a connection using a series of HTTP exchanges. I see an HTTP response in Wireshark which has multiple Set-Cookie headers, but only the last one shows up in the HTTPURLReponse. Traffic on the wire: Set-Cookie: ABC_COOKIE=2000;Path=/;Secure Set-Cookie: XYZ_COOKIE=tuv;Path=/;expires=&lt;somedate&gt;;Secure Set-Cookie: foo=bar;Secure;Path=/;expires=&lt;somedate&gt; Value in HTTPURLResponse.allHeaderFields: "Set-Cookie" =&amp;#9;"foo=bar;Secure;Path=/;expires=&lt;somedate&gt;" No sign of the other cookie values. I've seen comments on the web that the cookies in multiple Set-Cookie headers will be concatenated into a single header, but that's not at all what I'm seeing. Is there a way to access the other cookie values? If not, how can we use URLSession with an endpoint that will return multiple Set-Cookie headers?