Problem with expired certificates

[pmauchle]

We have successfully implemented the SDK in our app, and checking certificates works, but not in the case of expired certificates. They always show valid. This problem is only in iOS. We don't have a problem with the Android SDK.

Here is how we test:`

let result: Result<VerifierCertificateHolder, CovidCertError> = CovidCertificateSDK.Verifier.decode(encodedData: data);

switch result {
case .success(let certHolder):
        CovidCertificateSDK.Verifier.check(holder: certHolder, forceUpdate: false) {result in

        ... here, we check nationalRules, signature and revocationStatus and they are all valid

The "Covid check" app shows following:

How do we check if the certificate is expired?

[pmauchle]

Unfourtanly the error still occurs after updating to the latest version. Also now I'm getting NETWORK_PARSE_ERROR errors while testing in the nationalRules.

[stmitt]

@pmauchle we'll look into it. Which version of the SDK are you using?

[pmauchle]

@stmitt I just added the SDK again this morning in the swift package manager and use this git repo with the branch main.

[stmitt]

@pmauchle can you try specifying the 1.0.1 release. The main branch uses a not yet deployed backend.

[pmauchle]

@stmitt I get a dependency error:
Dependencies could not be resolved because package 'covidcertificate-sdk-ios' is required using a stable-version but 'covidcertificate-sdk-ios' depends on an unstable-version package 'swiftcbor' and root depends on 'CovidCertificate-SDK-iOS' 1.0.1.

Same message with 1.0.0

[stmitt]

@pmauchle we'll look into this dependency issue for the next release. Can you try to specify the git commit of the latest release directly?
.revision("9293f2274fc16cf0949ecfbbd31c6fa00e6a8704")

[pmauchle]

@stmitt I get an error with SecTrustEvaluateWithError, probably this commit would fix it.

b4e64e4#diff-fa8ca0c7a18dead3a5acad8edb89e43ff05841d344bd77b8f6ef58ecf43587c3

[stmitt]

@pmauchle Yes indeed, does it work by setting .revision("b4e64e48c32174ea39979d002b55a272c68029c8")?

[pmauchle]

@stmitt that worked, I was able to add it in the swift package manager and build it.

But I still get NETWORK_PARSE_ERROR in the nationalRules. I used the same API key as in our app which is live and the scanning there works, with the exception of expired certificates.

[stmitt]

Can you check what the backend is returning for this network request? I just tried the SDK with this specific commit and it works fine. Can you check if you use the API key for the correct environment?

[stmitt]

@pmauchle I just noticed in your initial post: while the national rule check was technically successful and no error occurred the isValid flag is set to false and therefore the certificate is not valid anymore.

[pmauchle]

@stmitt it works now in dev environment, I used the prod API keys. I did not know that I have to check even further in the nartionalRules, thanks for pointing that out. I will report if the problem is also solved in Testflight & Live.

[pmauchle]

@stmitt it works on TestFlight, thank you very much for you help!