
Closed

Indy clients require "com.apple.security.network.server" entitlement in Mac OSX sandbox.

description

Indy clients, like TIdHTTP, require the "com.apple.security.network.server" entitlement when running in a Mac OSX sandbox. Apple then rejects the app when submitted:

"This app uses one or more entitlements which do not have matching functionality within the app. Apps should have only the minimum set of entitlements necessary for the app to function properly. Please remove all entitlements that are not needed by your app and submit an updated binary for review, including the following:

com.apple.security.network.server"

The problem appears to be related to TIdIOHandlerSocket.ConnectClient() calling TIdSocketHandle.Bind(). Apparently the server entitlement is required in order for the socket API bind() function to work. This seems wrong to me, since bind() is not restricted to just servers. Clients can use it too, especially on multi-homed networks. Possible Apple sandbox bug?

In any case, TIdSocketHandle.Bind() should be avoided (or updated to not call TIdSocketHandle.TryBind() internally) when the TIdSocketHandle.IP property is blank and the TIdSocketHandle.Port, TIdSocketHandle.ClientPortMin, and TIdSocketHandle.ClientPortMax properties are all 0. That would allow the socket to choose its own binding parameters when connect() is called.
Closed Apr 6 at 2:25 AM by gambit47

comments

gambit47 wrote Nov 15, 2014 at 10:52 PM

Updated TIdIOHandlerSocket.ConnectClient() to not call TIdSocketHandle.Bind() on OSX if no binding values have been assigned. See SVN rev 5204.

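The binding rule proposed in the description, sketched against the BSD socket API in C as an added example (this is not Indy's code and not the change in SVN rev 5204). The struct and function names are hypothetical stand-ins for the TIdSocketHandle properties, and the sketch handles IPv4 only.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical stand-in for the four TIdSocketHandle properties (not Indy code). */
struct local_binding {
    const char *ip;                    /* NULL or "" means blank */
    uint16_t port, client_port_min, client_port_max;
};

/* Returns 1 only when the caller assigned a local address, port or port range. */
int needs_explicit_bind(const struct local_binding *b)
{
    return (b->ip && b->ip[0]) || b->port || b->client_port_min || b->client_port_max;
}

/* IPv4 TCP client connect. Returns the connected fd, or -1 on any failure. */
int connect_client(const struct local_binding *b, const char *remote_ip, uint16_t remote_port)
{
    struct sockaddr_in local = {0}, remote = {0};
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;

    if (needs_explicit_bind(b)) {
        uint32_t lo = b->port ? b->port : b->client_port_min;
        uint32_t hi = b->port ? b->port : b->client_port_max;
        int bound = 0;
        local.sin_family = AF_INET;
        local.sin_addr.s_addr = htonl(INADDR_ANY);
        if (b->ip && b->ip[0] && inet_pton(AF_INET, b->ip, &local.sin_addr) != 1) goto fail;
        if (hi < lo) hi = lo;
        for (uint32_t p = lo; p <= hi && !bound; p++) {  /* first free port in range */
            local.sin_port = htons((uint16_t)p);
            bound = bind(fd, (struct sockaddr *)&local, sizeof local) == 0;
        }
        if (!bound) goto fail;
    }
    /* Otherwise no bind() at all: connect() picks the local address and port. */
    remote.sin_family = AF_INET;
    remote.sin_port = htons(remote_port);
    if (inet_pton(AF_INET, remote_ip, &remote.sin_addr) != 1) goto fail;
    if (connect(fd, (struct sockaddr *)&remote, sizeof remote) != 0) goto fail;
    return fd;
fail:
    close(fd);
    return -1;
}
```

With a blank binding the process never calls bind(), which is the call the description ties to the com.apple.security.network.server entitlement.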