zeroc-ice 3.8.0 → 3.8.2

data/dist/ice/cpp/src/Ice/SSL/OpenSSLTransceiverI.cpp

@@ -20,7 +20,6 @@
 #include <openssl/err.h>
 #include <openssl/ssl.h>
 
-#include <iostream>
 #include <mutex>
 
 using namespace std;
@@ -41,10 +40,14 @@ namespace
 {
     bool defaultVerificationCallback(bool ok, X509_STORE_CTX*, const Ice::SSL::ConnectionInfoPtr&) { return ok; }
 
+    /// Returns nullptr if SSL_CTX_new fails; the caller is responsible for checking the return value.
     SSL_CTX* defaultSSLContextSelectionCallback(const string&)
     {
         SSL_CTX* defaultSSLContext = SSL_CTX_new(TLS_method());
-        SSL_CTX_set_default_verify_paths(defaultSSLContext);
+        if (defaultSSLContext)
+        {
+            SSL_CTX_set_default_verify_paths(defaultSSLContext);
+        }
         return defaultSSLContext;
     }
 }
@@ -90,7 +93,13 @@ OpenSSL::TransceiverI::initialize(IceInternal::Buffer& readBuffer, IceInternal::
         }
         SSL_set_bio(_ssl, bio, bio);
 
-        SSL_set_ex_data(_ssl, 0, this);
+        if (!SSL_set_ex_data(_ssl, 0, this))
+        {
+            throw SecurityException(
+                __FILE__,
+                __LINE__,
+                "SSL transport: error setting ex data:\n" + _engine->sslErrors());
+        }
         SSL_set_verify(_ssl, SSL_get_verify_mode(_ssl), Ice_SSL_opensslVerifyCallback);
         // Enable SNI by default for outgoing connections. The SNI host name is always empty for incoming connections.
         if (!_host.empty() && !IceInternal::isIpAddress(_host) && !SSL_set_tlsext_host_name(_ssl, _host.c_str()))
@@ -108,6 +117,8 @@ OpenSSL::TransceiverI::initialize(IceInternal::Buffer& readBuffer, IceInternal::
 
     while (!SSL_is_init_finished(_ssl))
     {
+        // Clear the error queue before the TLS I/O operation; SSL_get_error requires an empty queue to work reliably.
+        ERR_clear_error();
         int ret = _incoming ? SSL_accept(_ssl) : SSL_connect(_ssl);
 
         if (ret <= 0)

data/dist/ice/cpp/src/Ice/SSL/RFC2253.cpp

@@ -146,7 +146,7 @@ RFC2253::unescape(const string& data)
                 {
                     throw ParseException(__FILE__, __LINE__, "unescape: invalid escape sequence");
                 }
-                if (special.find(data[pos]) != string::npos || data[pos] != '\\' || data[pos] != '"')
+                if (special.find(data[pos]) != string::npos || data[pos] == '\\' || data[pos] == '"')
                 {
                     result += data[pos];
                     ++pos;
@@ -185,7 +185,7 @@ static char
 unescapeHex(const string& data, size_t pos)
 {
     assert(pos < data.size());
-    if (pos + 2 >= data.size())
+    if (pos + 2 > data.size())
     {
         throw Ice::ParseException(__FILE__, __LINE__, "unescape: invalid hex pair");
     }
@@ -431,7 +431,7 @@ parsePair(const string& data, size_t& pos)
         throw Ice::ParseException(__FILE__, __LINE__, "invalid escape format (unexpected end of data)");
     }
 
-    if (special.find(data[pos]) != string::npos || data[pos] != '\\' || data[pos] != '"')
+    if (special.find(data[pos]) != string::npos || data[pos] == '\\' || data[pos] == '"')
     {
         result += data[pos];
         ++pos;

data/dist/ice/cpp/src/Ice/SSL/SSLEndpointI.cpp

@@ -232,7 +232,7 @@ Ice::SSL::EndpointI::endpoint(const IceInternal::EndpointIPtr& delEndp) const
 {
     if (delEndp.get() == _delegate.get())
     {
-        return dynamic_pointer_cast<EndpointI>(const_cast<EndpointI*>(this)->shared_from_this());
+        return static_pointer_cast<EndpointI>(const_cast<EndpointI*>(this)->shared_from_this());
     }
     else
     {

data/dist/ice/cpp/src/Ice/SSL/SSLEngine.h

@@ -23,7 +23,7 @@ namespace Ice::SSL
     {
     public:
         SSLEngine(const IceInternal::InstancePtr&);
-        ~SSLEngine();
+        virtual ~SSLEngine();
 
         [[nodiscard]] Ice::LoggerPtr getLogger() const;
         [[nodiscard]] Ice::PropertiesPtr getProperties() const;
@@ -34,9 +34,6 @@ namespace Ice::SSL
         // Setup the engine.
         virtual void initialize() = 0;
 
-        // Destroy the engine.
-        virtual void destroy() = 0;
-
         // Verify peer certificate.
         virtual void verifyPeer(const ConnectionInfoPtr&) const;
 
@@ -57,12 +54,9 @@ namespace Ice::SSL
     private:
         const IceInternal::InstancePtr _instance;
         const TrustManagerPtr _trustManager;
-
-        std::string _password;
-
-        bool _checkCertName;
-        int _verifyPeer;
-        int _securityTraceLevel;
+        bool _checkCertName{false};
+        int _verifyPeer{0};
+        int _securityTraceLevel{0};
         std::string _securityTraceCategory;
         const bool _revocationCheckCacheOnly{false};
         const int _revocationCheck{0};

data/dist/ice/cpp/src/Ice/SSL/SSLUtil.cpp

@@ -67,6 +67,12 @@ Ice::SSL::parseBytes(const string& arg, vector<unsigned char>& buffer)
     }
     v = s.str();
 
+    // Each byte requires exactly two hex digits; reject odd-length strings.
+    if (v.size() % 2 != 0)
+    {
+        return false;
+    }
+
     // Convert the bytes.
     for (size_t i = 0, length = v.size(); i + 2 <= length;)
     {
@@ -86,7 +92,12 @@ Ice::SSL::readFile(const string& file, vector<char>& buffer)
     }
 
     is.seekg(0, is.end);
-    buffer.resize(static_cast<size_t>(is.tellg()));
+    streampos size = is.tellg();
+    if (size == streampos{-1})
+    {
+        throw CertificateReadException(__FILE__, __LINE__, "error determining file size: " + file);
+    }
+    buffer.resize(static_cast<size_t>(size));
     is.seekg(0, is.beg);
 
     if (!buffer.empty())
@@ -345,7 +356,7 @@ Ice::SSL::getSubjectAltNames(PCCERT_CONTEXT cert)
                                 os << ".";
                             }
                         }
-                        altNames.push_back(make_pair(AltNAmeIP, os.str()));
+                        altNames.push_back(make_pair(AltNameIP, os.str()));
                     }
                     //
                     // TODO IPv6 Address support.
@@ -473,6 +484,10 @@ namespace
     string convertX509NameToString(X509_name_st* name)
     {
         BIO* out = BIO_new(BIO_s_mem());
+        if (!out)
+        {
+            throw CertificateEncodingException(__FILE__, __LINE__, "SSL transport: error allocating BIO");
+        }
         X509_NAME_print_ex(out, name, 0, XN_FLAG_RFC2253);
         BUF_MEM* p;
         BIO_get_mem_ptr(out, &p);
@@ -621,6 +636,10 @@ string
 Ice::SSL::encodeCertificate(X509* certificate)
 {
     BIO* out = BIO_new(BIO_s_mem());
+    if (!out)
+    {
+        throw CertificateEncodingException(__FILE__, __LINE__, "SSL transport: error allocating BIO");
+    }
     int i = PEM_write_bio_X509(out, certificate);
     if (i <= 0)
     {

data/dist/ice/cpp/src/Ice/SSL/SSLUtil.h

@@ -34,7 +34,7 @@ namespace Ice::SSL
     const int AltNameDirectory = 4;
     // const int AltNameEDIPartyName = 5;
     const int AltNameURL = 6;
-    const int AltNAmeIP = 7;
+    const int AltNameIP = 7;
     // const AltNameObjectIdentifier = 8;
 
     // Read a file into memory buffer.
@@ -46,6 +46,8 @@ namespace Ice::SSL
     // Determine if a directory exists, with an optional parent directory.
     std::optional<std::string> resolveDirPath(const std::string& path, const std::string& parentDir = "");
 
+    /// Parse a hex string (e.g., "AB:CD:EF" or "ABCDEF") into a byte buffer. Spaces and colons are ignored.
+    /// @return `false` if the string contains invalid characters or has an odd number of hex digits.
     bool parseBytes(const std::string&, std::vector<unsigned char>&);
 
 #if defined(ICE_USE_SCHANNEL)
@@ -57,6 +59,10 @@ namespace Ice::SSL
     {
     public:
         ScopedCertificate(PCCERT_CONTEXT certificate) : _certificate(certificate) {}
+        ScopedCertificate(const ScopedCertificate&) = delete;
+        ScopedCertificate& operator=(const ScopedCertificate&) = delete;
+        ScopedCertificate(ScopedCertificate&&) = delete;
+        ScopedCertificate& operator=(ScopedCertificate&&) = delete;
         ~ScopedCertificate();
         PCCERT_CONTEXT get() const { return _certificate; }
 
@@ -74,6 +80,10 @@ namespace Ice::SSL
     {
     public:
         ScopedCertificate(SecCertificateRef certificate) : _certificate(certificate) {}
+        ScopedCertificate(const ScopedCertificate&) = delete;
+        ScopedCertificate& operator=(const ScopedCertificate&) = delete;
+        ScopedCertificate(ScopedCertificate&&) = delete;
+        ScopedCertificate& operator=(ScopedCertificate&&) = delete;
         ~ScopedCertificate();
         [[nodiscard]] SecCertificateRef get() const { return _certificate; }
 
@@ -91,6 +101,10 @@ namespace Ice::SSL
     {
     public:
         ScopedCertificate(X509* certificate) : _certificate(certificate) {}
+        ScopedCertificate(const ScopedCertificate&) = delete;
+        ScopedCertificate& operator=(const ScopedCertificate&) = delete;
+        ScopedCertificate(ScopedCertificate&&) = delete;
+        ScopedCertificate& operator=(ScopedCertificate&&) = delete;
         ~ScopedCertificate();
         [[nodiscard]] X509* get() const { return _certificate; }
 

data/dist/ice/cpp/src/Ice/SSL/SchannelEngine.cpp

@@ -14,7 +14,6 @@
 
 #include <wincrypt.h>
 
-#include <iostream>
 #include <mutex>
 
 #ifndef SECURITY_FLAG_IGNORE_CERT_CN_INVALID
@@ -668,7 +667,7 @@ namespace
         vector<string> dnsNames;
         for (vector<pair<int, string>>::const_iterator p = subjectAltNames.begin(); p != subjectAltNames.end(); ++p)
         {
-            if (p->first == AltNAmeIP)
+            if (p->first == AltNameIP)
             {
                 ipAddresses.push_back(IceInternal::toLower(p->second));
             }
@@ -693,7 +692,19 @@ namespace
             // name dnsNames.
             if (dnsNames.empty())
             {
-                auto d = DistinguishedName(getSubjectName(cert));
+                DistinguishedName d{list<pair<string, string>>{}};
+                try
+                {
+                    d = DistinguishedName(getSubjectName(cert));
+                }
+                catch (const Ice::ParseException& ex)
+                {
+                    throw SecurityException(
+                        __FILE__,
+                        __LINE__,
+                        "SSL transport: certificate verification failure:\nunable to parse certificate DN:\n" +
+                            string{ex.what()});
+                }
                 string dn = IceInternal::toLower(string(d));
                 string cn = "cn=" + addrLower;
                 string::size_type pos = dn.find(cn);
@@ -732,6 +743,56 @@ Schannel::SSLEngine::SSLEngine(const IceInternal::InstancePtr& instance)
 {
 }
 
+Schannel::SSLEngine::~SSLEngine()
+{
+    // Best-effort cleanup. We catch every exception (e.g. std::bad_alloc from the per-cert vector
+    // allocation below) so nothing escapes the destructor and triggers std::terminate.
+    try
+    {
+        if (_chainEngine && _chainEngine != HCCE_CURRENT_USER && _chainEngine != HCCE_LOCAL_MACHINE)
+        {
+            CertFreeCertificateChainEngine(_chainEngine);
+        }
+
+        if (_rootStore)
+        {
+            CertCloseStore(_rootStore, 0);
+        }
+
+        for (vector<PCCERT_CONTEXT>::const_iterator i = _importedCerts.begin(); i != _importedCerts.end(); ++i)
+        {
+            // Retrieve the certificate CERT_KEY_PROV_INFO_PROP_ID property, we use the CRYPT_KEY_PROV_INFO data to
+            // remove the key set associated with the certificate.
+            DWORD length = 0;
+            if (!CertGetCertificateContextProperty(*i, CERT_KEY_PROV_INFO_PROP_ID, 0, &length))
+            {
+                continue;
+            }
+            vector<char> buf(length);
+            if (!CertGetCertificateContextProperty(*i, CERT_KEY_PROV_INFO_PROP_ID, &buf[0], &length))
+            {
+                continue;
+            }
+            CRYPT_KEY_PROV_INFO* key = reinterpret_cast<CRYPT_KEY_PROV_INFO*>(&buf[0]);
+            HCRYPTPROV prov = 0;
+            CryptAcquireContextW(&prov, key->pwszContainerName, key->pwszProvName, key->dwProvType, CRYPT_DELETEKEYSET);
+        }
+
+        for (vector<PCCERT_CONTEXT>::const_iterator i = _allCerts.begin(); i != _allCerts.end(); ++i)
+        {
+            CertFreeCertificateContext(*i);
+        }
+
+        for (vector<HCERTSTORE>::const_iterator i = _stores.begin(); i != _stores.end(); ++i)
+        {
+            CertCloseStore(*i, 0);
+        }
+    }
+    catch (...)
+    {
+    }
+}
+
 void
 Schannel::SSLEngine::initialize()
 {
@@ -969,7 +1030,7 @@ Schannel::SSLEngine::initialize()
                     if (strcmp(keyInfo->Algorithm.pszObjId, szOID_RSA_RSA))
                     {
                         ostringstream os;
-                        os << "SSL transport: error unknow key algorithm: '" << keyInfo->Algorithm.pszObjId << "'";
+                        os << "SSL transport: unknown key algorithm: '" << keyInfo->Algorithm.pszObjId << "'";
                         throw InitializationException(__FILE__, __LINE__, os.str());
                     }
 
@@ -1199,49 +1260,6 @@ Schannel::SSLEngine::getCipherName(ALG_ID cipher) const
     }
 }
 
-void
-Schannel::SSLEngine::destroy()
-{
-    if (_chainEngine && _chainEngine != HCCE_CURRENT_USER && _chainEngine != HCCE_LOCAL_MACHINE)
-    {
-        CertFreeCertificateChainEngine(_chainEngine);
-    }
-
-    if (_rootStore)
-    {
-        CertCloseStore(_rootStore, 0);
-    }
-
-    for (vector<PCCERT_CONTEXT>::const_iterator i = _importedCerts.begin(); i != _importedCerts.end(); ++i)
-    {
-        // Retrieve the certificate CERT_KEY_PROV_INFO_PROP_ID property, we use the CRYPT_KEY_PROV_INFO data to remove
-        // the key set associated with the certificate.
-        DWORD length = 0;
-        if (!CertGetCertificateContextProperty(*i, CERT_KEY_PROV_INFO_PROP_ID, 0, &length))
-        {
-            continue;
-        }
-        vector<char> buf(length);
-        if (!CertGetCertificateContextProperty(*i, CERT_KEY_PROV_INFO_PROP_ID, &buf[0], &length))
-        {
-            continue;
-        }
-        CRYPT_KEY_PROV_INFO* key = reinterpret_cast<CRYPT_KEY_PROV_INFO*>(&buf[0]);
-        HCRYPTPROV prov = 0;
-        CryptAcquireContextW(&prov, key->pwszContainerName, key->pwszProvName, key->dwProvType, CRYPT_DELETEKEYSET);
-    }
-
-    for (vector<PCCERT_CONTEXT>::const_iterator i = _allCerts.begin(); i != _allCerts.end(); ++i)
-    {
-        CertFreeCertificateContext(*i);
-    }
-
-    for (vector<HCERTSTORE>::const_iterator i = _stores.begin(); i != _stores.end(); ++i)
-    {
-        CertCloseStore(*i, 0);
-    }
-}
-
 Ice::SSL::ClientAuthenticationOptions
 Schannel::SSLEngine::createClientAuthenticationOptions(const string& host) const
 {
@@ -1408,7 +1426,8 @@ Schannel::SSLEngine::validationCallback(
         extraPolicyPara.dwAuthType = incoming ? AUTHTYPE_CLIENT : AUTHTYPE_SERVER;
         // Disable because the policy only matches the CN of the certificate, not the SAN.
         extraPolicyPara.fdwChecks = SECURITY_FLAG_IGNORE_CERT_CN_INVALID;
-        extraPolicyPara.pwszServerName = const_cast<wchar_t*>(Ice::stringToWstring(host).c_str());
+        wstring hostW = Ice::stringToWstring(host);
+        extraPolicyPara.pwszServerName = const_cast<wchar_t*>(hostW.c_str());
 
         CERT_CHAIN_POLICY_PARA policyPara;
         memset(&policyPara, 0, sizeof(policyPara));

data/dist/ice/cpp/src/Ice/SSL/SchannelEngine.h

@@ -22,17 +22,13 @@ namespace Ice::SSL::Schannel
     {
     public:
         SSLEngine(const IceInternal::InstancePtr&);
+        ~SSLEngine() override;
 
         //
         // Setup the engine.
         //
         void initialize() final;
 
-        //
-        // Destroy the engine.
-        //
-        void destroy() final;
-
         [[nodiscard]] std::string getCipherName(ALG_ID) const;
 
         [[nodiscard]] Ice::SSL::ClientAuthenticationOptions

data/dist/ice/cpp/src/Ice/SSL/SchannelTransceiverI.cpp

@@ -124,6 +124,11 @@ Schannel::TransceiverI::sslHandshake(SecBuffer* initialBuffer)
     {
         assert(!initialBuffer); // Always null for the initial handshake.
         _credentials = _localCredentialsSelectionCallback(_incoming ? _adapterName : _host);
+
+        // Set hRootStore for AcquireCredentialsHandle. Schannel uses hRootStore on the server side to specify
+        // the CAs trusted for client authentication (sent in the CertificateRequest message). This is not used
+        // for certificate validation — the transport handles validation separately using the chain engine.
+        // If the callback already provided an hRootStore, keep it; otherwise fall back to trustedRootCertificates.
         if (_rootStore && !_credentials.hRootStore)
         {
             _credentials.hRootStore = CertDuplicateStore(_rootStore);
@@ -145,8 +150,6 @@ Schannel::TransceiverI::sslHandshake(SecBuffer* initialBuffer)
             _credentials.paCred = &_allCerts[0];
         }
 
-        _credentials.hRootStore = _rootStore;
-
         err = AcquireCredentialsHandle(
             0,
             const_cast<char*>(UNISP_NAME),
@@ -549,6 +552,15 @@ Schannel::TransceiverI::decryptMessage(IceInternal::Buffer& buffer)
         }
         else if (err == SEC_I_RENEGOTIATE)
         {
+            if (_incoming)
+            {
+                // Reject peer-initiated TLS renegotiation on the server side: it is a CPU-asymmetric
+                // denial-of-service primitive on TLS 1.2 and is removed entirely in TLS 1.3.
+                throw ProtocolException(
+                    __FILE__,
+                    __LINE__,
+                    "SSL transport: peer-initiated TLS renegotiation is not supported on the server side.");
+            }
             if (_sslConnectionRenegotiating)
             {
                 throw ProtocolException(

data/dist/ice/cpp/src/Ice/SSL/SecureTransportEngine.cpp

@@ -9,10 +9,17 @@
 #include "Ice/Logger.h"
 #include "Ice/Properties.h"
 #include "Ice/SSL/SSLException.h"
+#include "Ice/UUID.h"
 #include "SSLEngine.h"
 #include "SSLUtil.h"
 #include "SecureTransportUtil.h"
 
+#include <cerrno>
+#include <climits>
+#include <cstring>
+#include <unistd.h>
+#include <vector>
+
 // Disable deprecation warnings from SecureTransport APIs
 #include "../DisableWarnings.h"
 
@@ -547,6 +554,43 @@ namespace
             }
         }
     }
+
+#if defined(ICE_USE_SECURE_TRANSPORT_MACOS)
+    // Creates a private temporary directory to hold a short-lived keychain, and returns its path.
+    // Uses confstr(_CS_DARWIN_USER_TEMP_DIR) rather than $TMPDIR so the location can't be
+    // redirected through the process environment.
+    string createTemporaryKeychainDirectory()
+    {
+        char base[PATH_MAX];
+        size_t len = confstr(_CS_DARWIN_USER_TEMP_DIR, base, sizeof(base));
+        if (len == 0 || len > sizeof(base))
+        {
+            int error = errno;
+
+            ostringstream os;
+            os << "SSL transport: confstr(_CS_DARWIN_USER_TEMP_DIR) failed";
+            if (error != 0)
+            {
+                os << ": " << strerror(error);
+            }
+            throw InitializationException(__FILE__, __LINE__, os.str());
+        }
+
+        string tmpl = string{base} + "ice-keychain-XXXXXX";
+        vector<char> buffer(tmpl.begin(), tmpl.end());
+        buffer.push_back('\0');
+
+        char* dir = mkdtemp(buffer.data());
+        if (dir == nullptr)
+        {
+            int error = errno;
+            ostringstream os;
+            os << "SSL transport: mkdtemp failed: " << strerror(error);
+            throw InitializationException(__FILE__, __LINE__, os.str());
+        }
+        return dir;
+    }
+#endif
 }
 
 SecureTransport::SSLEngine::SSLEngine(const IceInternal::InstancePtr& instance)
@@ -556,7 +600,25 @@ SecureTransport::SSLEngine::SSLEngine(const IceInternal::InstancePtr& instance)
 {
 }
 
-SecureTransport::SSLEngine::~SSLEngine() = default;
+SecureTransport::SSLEngine::~SSLEngine()
+{
+#if defined(ICE_USE_SECURE_TRANSPORT_MACOS)
+    if (!_temporaryKeychainDir.empty())
+    {
+        // Remove the temporary keychain and its enclosing directory created by initialize().
+        // The cleanup lives in the destructor (not destroy()) so it also runs when initialize()
+        // throws after the directory has been created.
+        _chain.reset();
+        const string keychainPath = _temporaryKeychainDir + "/ice.keychain";
+        UniqueRef<SecKeychainRef> keychain;
+        if (SecKeychainOpen(keychainPath.c_str(), &keychain.get()) == noErr && keychain.get())
+        {
+            SecKeychainDelete(keychain.get());
+        }
+        rmdir(_temporaryKeychainDir.c_str());
+    }
+#endif
+}
 
 //
 // Setup the engine.
@@ -636,6 +698,18 @@ SecureTransport::SSLEngine::initialize()
             keyFile = *resolved;
         }
 
+#if defined(ICE_USE_SECURE_TRANSPORT_MACOS)
+        if (keychain.empty())
+        {
+            // Import the certificate into a temporary keychain rather than the user's login keychain.
+            // A private key in the login keychain cannot complete a forward-secret (ECDHE) handshake
+            // on the server side. The keychain and its enclosing directory are removed by the destructor.
+            _temporaryKeychainDir = createTemporaryKeychainDirectory();
+            keychain = _temporaryKeychainDir + "/ice.keychain";
+            keychainPassword = Ice::generateUUID();
+        }
+#endif
+
         try
         {
             _chain.reset(loadCertificateChain(certFile, keyFile, keychain, keychainPassword, password));
@@ -651,14 +725,6 @@ SecureTransport::SSLEngine::initialize()
     }
 }
 
-//
-// Destroy the engine.
-//
-void
-SecureTransport::SSLEngine::destroy()
-{
-}
-
 ClientAuthenticationOptions
 SecureTransport::SSLEngine::createClientAuthenticationOptions(const string& host) const
 {
@@ -721,15 +787,15 @@ SecureTransport::SSLEngine::createServerAuthenticationOptions() const
 SSLContextRef
 SecureTransport::SSLEngine::newContext(bool incoming) const
 {
-    SSLContextRef ssl =
-        SSLCreateContext(kCFAllocatorDefault, incoming ? kSSLServerSide : kSSLClientSide, kSSLStreamType);
-    if (!ssl)
+    UniqueRef<SSLContextRef> ssl(
+        SSLCreateContext(kCFAllocatorDefault, incoming ? kSSLServerSide : kSSLClientSide, kSSLStreamType));
+    if (!ssl.get())
     {
         throw SecurityException(__FILE__, __LINE__, "SSL transport: unable to create SSL context");
     }
 
     OSStatus err = SSLSetSessionOption(
-        ssl,
+        ssl.get(),
         incoming ? kSSLSessionOptionBreakOnClientAuth : kSSLSessionOptionBreakOnServerAuth,
         true);
 
@@ -741,7 +807,34 @@ SecureTransport::SSLEngine::newContext(bool incoming) const
             "SSL transport: error while setting SSL option:\n" + sslErrorToString(err));
     }
 
-    return ssl;
+    // Require TLS 1.2 or later. SecureTransport otherwise negotiates down to TLS 1.0 on macOS.
+    err = SSLSetProtocolVersionMin(ssl.get(), kTLSProtocol12);
+    if (err != noErr)
+    {
+        throw SecurityException(
+            __FILE__,
+            __LINE__,
+            "SSL transport: error while setting the minimum protocol version:\n" + sslErrorToString(err));
+    }
+
+    // Enable only forward-secret cipher suites: the Mozilla "Intermediate" recommendation for TLS 1.2
+    // intersected with what SecureTransport can negotiate — ECDHE key exchange with AES-GCM.
+    // SecureTransport's own default set also includes static-RSA suites (no forward secrecy) and 3DES.
+    const SSLCipherSuite ciphers[] = {
+        TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+        TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384};
+    err = SSLSetEnabledCiphers(ssl.get(), ciphers, sizeof(ciphers) / sizeof(SSLCipherSuite));
+    if (err != noErr)
+    {
+        throw SecurityException(
+            __FILE__,
+            __LINE__,
+            "SSL transport: error while setting ciphers:\n" + sslErrorToString(err));
+    }
+
+    return ssl.release();
 }
 
 bool
@@ -750,7 +843,10 @@ SecureTransport::SSLEngine::validationCallback(SecTrustRef trust, const Connecti
 {
     OSStatus err = noErr;
     UniqueRef<CFErrorRef> trustErr;
-    assert(trust);
+    if (!trust)
+    {
+        throw SecurityException(__FILE__, __LINE__, "SSL transport: peer trust is null");
+    }
 
     // Do not allow to fetch missing intermediate certificates from the network.
     if ((err = SecTrustSetNetworkFetchAllowed(trust, false)))

data/dist/ice/cpp/src/Ice/SSL/SecureTransportEngine.h

@@ -20,10 +20,9 @@ namespace Ice::SSL::SecureTransport
     {
     public:
         SSLEngine(const IceInternal::InstancePtr&);
-        ~SSLEngine();
+        ~SSLEngine() override;
 
         void initialize() final;
-        void destroy() final;
 
         [[nodiscard]] Ice::SSL::ClientAuthenticationOptions
         createClientAuthenticationOptions(const std::string& host) const final;
@@ -37,6 +36,12 @@ namespace Ice::SSL::SecureTransport
     private:
         IceInternal::UniqueRef<CFArrayRef> _certificateAuthorities;
         IceInternal::UniqueRef<CFArrayRef> _chain;
+
+#    if defined(ICE_USE_SECURE_TRANSPORT_MACOS)
+        // Path of the temporary directory holding the imported certificate's keychain, removed by the destructor.
+        // Empty when IceSSL.Keychain is set or no certificate is configured.
+        std::string _temporaryKeychainDir;
+#    endif
     };
 }
 #endif

data/dist/ice/cpp/src/Ice/SSL/SecureTransportTransceiverI.h

@@ -72,7 +72,7 @@ namespace Ice::SSL::SecureTransport
             SSLWantWrite = 0x2
         };
 
-        mutable std::uint8_t _tflags;
+        mutable std::uint8_t _tflags{0};
         IceInternal::UniqueRef<SecCertificateRef> _peerCertificate;
         size_t _buffered;
         std::function<void(SSLContextRef, const std::string&)> _sslNewSessionCallback;