Fix copying ephemeral keys to keychains. (#106973)

Starting on macOS Sequoia, at least in beta, SecKeychainitemCopyKeychain no longer returns errSecNoSuchKeychain for ephemeral keys. Instead, it returns errSecInvalidItemRef. This adds the error code in the handling logic for when we need to add an ephemeral key to the target keychain.
dotnet · Aug 27, 2024 · 231cbb5 · 231cbb5
1 parent ef0c712
commit 231cbb5
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/native/libs/System.Security.Cryptography.Native.Apple/pal_x509_macos.c b/src/native/libs/System.Security.Cryptography.Native.Apple/pal_x509_macos.c
@@ -391,7 +391,7 @@ int32_t AppleCryptoNative_X509CopyWithPrivateKey(SecCertificateRef cert,
     SecKeychainItemRef itemCopy = NULL;
 
     // This only happens with an ephemeral key, so the keychain we're adding it to is temporary.
-    if (status == errSecNoSuchKeychain)
+    if (status == errSecNoSuchKeychain || status == errSecInvalidItemRef)
     {
         status = AddKeyToKeychain(privateKey, targetKeychain, NULL);
     }