Created attachment 260499 [details] Test App When loading a page with invalid SSL certificate, WKWebView provides API to make load/no-load decision, where browser can ask if user wants to accept invalid SSL certificate: |webView:didReceiveAuthenticationChallenge:completionHandler:| and that API provides SecTrustRef object. Lets assume that user has decided to load the page with invalid certificate. Now browser wants to show Broken Red SSL Lock icon to keep user informed about the risks. The only available API that can be used for server's identity verification is | WKWebView.certificateChain |, however having chain is not enough for cert verification and there is no guarantee that manually constructed SecTrustRef will be the same as one provided via |webView:didReceiveAuthenticationChallenge:completionHandler|. Attached example shows how browser can keep the user informed about the risks by showing warning text.
rdar://22560879