This API is necessary if host app wants to implement certificate blacklisting feature. webView:didReceiveAuthenticationChallenge:completionHandler: is not suitable for that. It provides all required information but it's called after the cookies were sent to the server and if host app believes that certificate is compromised it's too late to cancel the request as cookies were gone.
Also reported to Apple Radar: rdar://19462148
(In reply to comment #1) > Also reported to Apple Radar: rdar://19462148 The radar does not match this bug report.
<rdar://problem/21387703>