The URLCredential documentation says that “TLS credentials are never stored permanently by URLCredentialStorage. In general, use for-session persistence for TLS credentials”.
Are there any reasons of not storing them in Keychain? Is there any security risk?
Are there any reasons of not storing them in Keychain?
Not really. This is more an accident of history than anything else. When NSURLCredential was created, way back in the day with the initial introduction of NSURLConnection on macOS 10.2, there were no TLS authentication challenges. They were added many years later, with macOS 10.6. They were never fully integrated into the NSURLConnection architecture, and this limitation is just one of numerous places where that shows.
Is there any security risk?
No, that was never a concern.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
Thanks “The Eskimo!”!
