Status
- Proposed - Sep 17, 2021
- Accepted - Sep 20, 2021
- Closed - Nov 17, 2021
Summary
SQLite.swift 0.13.0 was recently released and one of the changes included is an increase of the macOS minimum deployment target to 10.15 - diff.
PR #1925 began the work of bumping our own macOS minimum deployment target to 10.15, enabling us to support SQLite.swift 0.13.0. Dropping macOS 10.14 results in a number of warnings about deprecated APIs within the Apple Security.framework API. Note that the code in question is in the Starscream source code that we absorbed in PR #1906.
/apollo-ios/Sources/ApolloWebSocket/DefaultImplementation/SSLSecurity.swift:161:13: warning: 'SecTrustEvaluate' was deprecated in macOS 10.15: renamed to 'SecTrustEvaluateWithError(_:_:)'
/apollo-ios/Sources/ApolloWebSocket/DefaultImplementation/WebSocketStream.swift:101:23: warning: 'SSLSetEnabledCiphers' was deprecated in macOS 10.15: No longer supported. Use Network.framework.
/apollo-ios/Sources/ApolloWebSocket/DefaultImplementation/WebSocketStream.swift:197:7: warning: 'SSLGetPeerDomainNameLength' was deprecated in macOS 10.15: No longer supported. Use Network.framework.
/apollo-ios/Sources/ApolloWebSocket/DefaultImplementation/WebSocketStream.swift:201:9: warning: 'SSLGetPeerDomainName' was deprecated in macOS 10.15: No longer supported. Use Network.framework.
Replacing SecTrustEvaluate with SecTrustEvaluateWithError(_:_:) is easy enough - c0523d0.
The other "No longer supported." warnings are a bit more complicated:
- macOS 10.15 increased the security requirements for trusted certificates - announcement. With this increased scrutiny at the OS level it may no longer be required for our code to verify the domain name in order to trust a certificate. There are no tests of the Starscream source code to validate this logic.
- The Network framework appears to have an equivalent of
SSLSetEnabledCiphers in sec_protocol_options_append_tls_ciphersuite but the number of supported ciphers is dramatically reduced (SSLSettings vs. tls_ciphersuite_t). There are no tests of the Starscream source code to validate this logic.
We may be able to make the above changes and get the two frameworks working together but would have to invest in building a robust test suite for these changes; Starscream's test suite is not enough to rely on.
I've come to the conclusion that the effort to fix the warnings is non-trivial and without an immediate compelling reason to support a minimum of macOS 10.15 we should defer the work. Recently we have discussed excluding any networking stack changes from release 1.0. This decision would work in favour of that new timeline; including this change in release 2.0 would provide ~6 months post macOS 12/iOS 15 release, during which many apollo-ios users will hopefully drop their own support of macOS 10.14 and iOS 12.
Decision
Defer dropping support for macOS 10.14 and iOS 12 until release 2.0. This will very likely require writing our own WebSocket implementation using Apple's native WebSocket classes.
Consequences
Applications that have both apollo-ios and SQLite.swift as dependencies would be limited to SQLite.swift release 0.12.x and below (< 0.13.0). This is because we cannot support the required macOS minimum deployment target of 10.15 without fixing the deprecated API warnings.
Status
Summary
SQLite.swift 0.13.0 was recently released and one of the changes included is an increase of the macOS minimum deployment target to 10.15 - diff.
PR #1925 began the work of bumping our own macOS minimum deployment target to 10.15, enabling us to support SQLite.swift 0.13.0. Dropping macOS 10.14 results in a number of warnings about deprecated APIs within the Apple Security.framework API. Note that the code in question is in the Starscream source code that we absorbed in PR #1906.
Replacing
SecTrustEvaluatewithSecTrustEvaluateWithError(_:_:)is easy enough - c0523d0.The other "No longer supported." warnings are a bit more complicated:
SSLSetEnabledCiphersinsec_protocol_options_append_tls_ciphersuitebut the number of supported ciphers is dramatically reduced (SSLSettings vs. tls_ciphersuite_t). There are no tests of the Starscream source code to validate this logic.We may be able to make the above changes and get the two frameworks working together but would have to invest in building a robust test suite for these changes; Starscream's test suite is not enough to rely on.
I've come to the conclusion that the effort to fix the warnings is non-trivial and without an immediate compelling reason to support a minimum of macOS 10.15 we should defer the work. Recently we have discussed excluding any networking stack changes from release 1.0. This decision would work in favour of that new timeline; including this change in release 2.0 would provide ~6 months post macOS 12/iOS 15 release, during which many apollo-ios users will hopefully drop their own support of macOS 10.14 and iOS 12.
Decision
Defer dropping support for macOS 10.14 and iOS 12 until release 2.0. This will very likely require writing our own WebSocket implementation using Apple's native WebSocket classes.
Consequences
Applications that have both apollo-ios and SQLite.swift as dependencies would be limited to SQLite.swift release 0.12.x and below (< 0.13.0). This is because we cannot support the required macOS minimum deployment target of 10.15 without fixing the deprecated API warnings.