Code Signing: Breaks for Device when enforcing Basic Constraints on WWDR CA

Originator: noloader
Number: rdar://13856278
Date Originated: 09-May-2013 10:30 PM
Status: Open
Resolved:
Product: Developer Tools (Xcode)
Product Version: Version 4.6.2 (4H1003)
Classification: UI/Usability
Reproducible:
 
Apple lists a number of developer related certificates at http://www.apple.com/certificateauthority/.

All CAs can be installed in System Keychain with Basic Constraints set to Trusted; and all other settings can be set to Untrusted sans "Code Signing". In addition, the Timestamp CA is set to allow "Time Stamping" (and does not require "Code Signing").

However, for Worldwide Developer Relations CA, the settings must be "Use Default Settings" which appears to be "do anything you want with anything you would like", or "everything fully trusted". Apple's CPS for WWDR does not discuss the need for additional capabilities and usage (http://www.apple.com/certificateauthority/Apple_WWDR_CPS).

If the settings for Worldwide Developer Relations CA are Basic Constraints and Code Signing, Code Signing will fail with:

.../DerivedData/XXX-YYY/Build/Products/Debug-iphoneos/XXX.app: CSSMERR_TP_NOT_TRUSTED
Command /usr/bin/codesign failed with exit code 1

Filed under UI/Usability, even though violating Principle of Least Privilege is often a Security bug (confer, Android and app permissions). Please feel free to change.
