I have an old app that was built using Objective-C and uses this library for local receipt validation for IAPs.
Recently Apple announced that local receipt validation code must change from SHA1 to SHA256 as described in: TN3138: Handling App Store receipt signing certificate changes.
I read the document but I'm still not clear on what exactly I'm supposed to change in the code. I tried changing the hashing algorithm in the verify receipt method from:
SHA1((const uint8_t*)data.bytes, data.length, (uint8_t*)expectedHash.mutableBytes);
to:
SHA256((const uint8_t*)data.bytes, data.length, (uint8_t*)expectedHash.mutableBytes);
But the computed hash was different than the one in the receipt. Using the original SHA1 the computed hash equals the one in the receipt.
According to the article linked above, the Sandbox should have updated certificates that work with the new SHA-256 hash since the 20th of June, 2023.
So I'm not sure what I should be doing to make sure the app and all IAPs work fine by the 14th of August when this change goes live. Any help would be appreciated!