NSURLConnection does not support elliptic curve client certificates

Originator: greg.cooksey
Number: rdar://18396931 Date Originated: 20140919
Status: Open Resolved:
Product: iOS Product Version: 7.1.2, 8.0
Classification: Reproducible: Always
 
UPDATE: Apple marked as Duplicate of 10450268 (Open)

Summary:
I am not able to use an elliptic curve client certificate in my iOS app. My NSURLConnectionDelegate's -connection:willSendRequestForAuthenticationChallenge: implementation retrieves the SecIdentityRef for the client certificate from the app's keychain, but the connection fails.

In iOS 7, the TLS handshake fails. In iOS 8, the app appears to never actually send the client certificate to the server.

Under both versions of iOS, an RSA client certificate works correctly.

Steps to Reproduce:
1. Build an app that uses an NSURLConnection to connect to a server that is configured for TLS 1.2 and uses elliptic curve keys.
2. In your NSURLConnectionDelegate, when you are challenged to produce client credentials (authenticationMethod = NSURLAuthenticationMethodClientCertificate), use an NSURLCredential initialized with an EC identity and certificate.


Expected Results:
The server receives the client certificate and authenticates the client. The connection succeeds.

Actual Results:
Under iOS 7, the server rejects the client due to a bad handshake. According to (http://openradar.appspot.com/radar?id=5276828226813952), this is because iOS is not sending a required message in the handshake.

Under iOS 8, the server does not receive the client certificate at all. I have not been able to determine why it is not receiving the certificate, but I am certain that I am passing a valid SecIdentityRef to -[NSURLAuthenticationChallengeSender useCredential:forAuthenticationChallenge:].

Version:
iOS 7.1.2 (11D257), iOS 8.0 (12A365)

Notes:

Configuration:
iPod Touch (5g)
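The delegate logic the steps above describe, written out as an added example (this is not the reporter's code). It assumes the EC identity was imported into the app keychain under a label held in `identityLabel`; everything else is stock Foundation and Security framework API.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

@interface ECClientAuthDelegate : NSObject <NSURLConnectionDelegate>
@property (nonatomic, copy) NSString *identityLabel; // assumed keychain label of the EC identity
@end

@implementation ECClientAuthDelegate

// Look up the client identity (private key + certificate) in the app keychain by label.
- (SecIdentityRef)copyClientIdentity {
    NSDictionary *query = @{
        (__bridge id)kSecClass:      (__bridge id)kSecClassIdentity,
        (__bridge id)kSecAttrLabel:  self.identityLabel,
        (__bridge id)kSecReturnRef:  @YES,
        (__bridge id)kSecMatchLimit: (__bridge id)kSecMatchLimitOne,
    };
    CFTypeRef result = NULL;
    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &result);
    if (status != errSecSuccess) {
        NSLog(@"No client identity with label %@: OSStatus %d", self.identityLabel, (int)status);
        return NULL;
    }
    return (SecIdentityRef)result; // caller owns the reference
}

- (void)connection:(NSURLConnection *)connection
willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
    NSString *method = challenge.protectionSpace.authenticationMethod;
    if (![method isEqualToString:NSURLAuthenticationMethodClientCertificate]) {
        // Server-trust or other challenge: keep the system's default validation.
        [challenge.sender performDefaultHandlingForAuthenticationChallenge:challenge];
        return;
    }
    SecIdentityRef identity = [self copyClientIdentity];
    if (identity == NULL) {
        // No identity available: decline rather than sending an empty credential.
        [challenge.sender cancelAuthenticationChallenge:challenge];
        return;
    }
    SecCertificateRef cert = NULL;
    SecIdentityCopyCertificate(identity, &cert);
    NSArray *certs = cert ? @[(__bridge id)cert] : nil;
    NSURLCredential *credential =
        [NSURLCredential credentialWithIdentity:identity
                                   certificates:certs
                                    persistence:NSURLCredentialPersistenceForSession];
    [challenge.sender useCredential:credential forAuthenticationChallenge:challenge];
    if (cert) CFRelease(cert);
    CFRelease(identity);
}
@end
```

With an RSA identity under the label this completes the handshake; with an EC identity it reproduces the failure the report describes, which is the point of the comparison.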

Comments

Marked as duplicate

Apple has marked this as a duplicate of rdar 15565326.

By greg.cooksey at Oct. 16, 2014, 4:40 p.m.