I am trying to develop a app on my local machine with the local version of my api, but I am keep getting this error when I run alamofire get request.
[BoringSSL] Function nw_protocol_boringssl_input_finished: line 1436 Peer disconnected during the middle of a handshake. Sending errSSLFatalAlert(-9802) alert
2018-08-13 10:47:23.056793-0500 Edev[6851:453243] TIC TCP Conn Failed [1:0x60c000178480]: 3:-9802 Err(-9802)
2018-08-13 10:47:23.057251-0500 Edev[6851:453243] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9802)
2018-08-13 10:47:23.057432-0500 Edev[6851:453243] Task <97194E8E-7E15-42EC-B8BA-534AC4E313A2>.<1> HTTP load failed (error code: -1200 [3:-9802])
2018-08-13 10:47:23.057686-0500 Edev[6851:453245] Task <97194E8E-7E15-42EC-B8BA-534AC4E313A2>.<1> finished with error - code: -1200
FAILURE: Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={_kCFStreamErrorCodeKey=-9802, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSUnderlyingError=0x60400044f570 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9802, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9802}}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https://edev.test/edev, NSErrorFailingURLStringKey=https://edev.test/edev, _kCFStreamErrorDomainKey=3}
[BoringSSL] Function nw_protocol_boringssl_input_finished: line 1436 Peer disconnected during the middle of a handshake. Sending errSSLFatalAlert(-9802) alert
2018-08-13 10:47:23.056793-0500 Edev[6851:453243] TIC TCP Conn Failed [1:0x60c000178480]: 3:-9802 Err(-9802)
2018-08-13 10:47:23.057251-0500 Edev[6851:453243] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9802)
2018-08-13 10:47:23.057432-0500 Edev[6851:453243] Task <97194E8E-7E15-42EC-B8BA-534AC4E313A2>.<1> HTTP load failed (error code: -1200 [3:-9802])
2018-08-13 10:47:23.057686-0500 Edev[6851:453245] Task <97194E8E-7E15-42EC-B8BA-534AC4E313A2>.<1> finished with error - code: -1200
FAILURE: Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={_kCFStreamErrorCodeKey=-9802, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSUnderlyingError=0x60400044f570 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9802, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9802}}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https://edev.test/edev, NSErrorFailingURLStringKey=https://edev.test/edev, _kCFStreamErrorDomainKey=3}
This is the alamofire I am using to fetch the data
Alamofire.request("https://edev.test/edev").responseJSON { response in
print(response)
print("Request: \(String(describing: response.request))") // original url request
print("Response: \(String(describing: response.response))") // http url response
print("Result: \(response.result)") // response serialization result
if let json = response.result.value {
print("JSON: \(json)") // serialized json response
}
if let data = response.data, let utf8Text = String(data: data, encoding: .utf8) {
print("Data: \(utf8Text)") // original server data as UTF8 string
}
}
I have have put a domain exception if my plist file that should make this run successfully based on what I have found online, but it still is not working.
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
<key>NSExceptionDomains</key>
<dict>
<key>edev.test</key>
<dict/>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSIncludesSubdomains</key>
<true/>
</dict>
</dict>
does the server have an SSL certificate? if not change URL to Alamofire.request("http://edev.test/edev").responseJSON { response in
Related
ws_common: websphereHandleRequest: Failed to handle request rc=2
ws_common: websphereRequestHandler: Failed to find an app server to handle this request
I am new to iOS/SwiftUI development but am trying to develop an app and webapis on my MacBook Pro. I am using VSCode and C# on the backend and calling the webapis from the iPhone simulator.
I have a localhost certificate in my Keychain with a Subject Alternative Name of the ip for my local machine (10.0.0.5). I have this working with Android using 10.0.2.2 (emulator localhost for computer hosting the emulator), so I know it does work.
I can also run the API from the browser using 10.0.0.5 and get the results.
When I run from the simulator I get these error:
2022-01-15 18:05:03.352411-0500 TestApp[24757:274897] [Unknown process
name] copy_read_only: vm_copy failed: status 1. calling loadData...
loading data... 2022-01-15 18:05:06.008842-0500 TestApp[24757:274902]
Connection 1: default TLS Trust evaluation failed(-9807) 2022-01-15
18:05:06.009049-0500 TestApp[24757:274902] Connection 1: TLS Trust
encountered error 3:-9807 2022-01-15 18:05:06.009148-0500
TestApp[24757:274902] Connection 1: encountered error(3:-9807)
2022-01-15 18:05:06.010008-0500 TestApp[24757:274902] Task
<17311174-24FF-403A-AA1B-4894D097FB41>.<1> HTTP load failed, 0/0 bytes
(error code: -1202 [3:-9807]) 2022-01-15 18:05:06.013874-0500
TestApp[24757:274896] Task <17311174-24FF-403A-AA1B-4894D097FB41>.<1>
finished with error [-1202] Error Domain=NSURLErrorDomain Code=-1202
"The certificate for this server is invalid. You might be connecting
to a server that is pretending to be “10.0.0.5” which could put your
confidential information at risk."
UserInfo={NSLocalizedRecoverySuggestion=Would you like to connect to
the server anyway?, _kCFStreamErrorDomainKey=3,
NSErrorPeerCertificateChainKey=(
"<cert(0x7fbef400f200) s: localhost i: localhost>" ), NSErrorClientCertificateStateKey=0,
NSErrorFailingURLKey=https://10.0.0.5:5001/WeatherForecast,
NSErrorFailingURLStringKey=https://10.0.0.5:5001/WeatherForecast,
NSUnderlyingError=0x6000023c6490 {Error Domain=kCFErrorDomainCFNetwork
Code=-1202 "(null)"
UserInfo={_kCFStreamPropertySSLClientCertificateState=0,
kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x600001c58500>,
_kCFNetworkCFStreamSSLErrorOriginalValue=-9807, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9807, kCFStreamPropertySSLPeerCertificates=(
"<cert(0x7fbef400f200) s: localhost i: localhost>" )}}, _NSURLErrorRelatedURLSessionTaskErrorKey=(
"LocalDataTask <17311174-24FF-403A-AA1B-4894D097FB41>.<1>" ), _kCFStreamErrorCodeKey=-9807, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <17311174-24FF-403A-AA1B-4894D097FB41>.<1>,
NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0x600001c58500>,
NSLocalizedDescription=The certificate for this server is invalid. You
might be connecting to a server that is pretending to be “10.0.0.5”
which could put your confidential information at risk.} Invalid data
I followed the instructions from this post to put the NSExceptionDomain I am using. I am having trouble digesting the Overriding TLS Chain Validation Correctly. I followed this thread on Swift 5.1 UIWebView Does not View URL because of untrusted Certificate as well. Also, iOS app ignoring NSAppTransportSecurity.
My Info.plist has this in it:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
<key>NSExceptionDomains</key>
<dict>
<key>https://10.0.0.5:5001/WeatherForecast</key>
<dict>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSIncludesSubdomains</key>
<true/>
</dict>
</dict>
</dict>
I tried a variety of combinations for the key from 10.0.0.5 to https://10.0.0.5:5001/WeatherForecast.
UPDATE
I tried this Domain=NSURLErrorDomain Code 1202 as well, exporting the .cer from keychain and installing it on the emulator, but I still get the same error:
Using: Alamofire 5, self-signed certificate.
The certificate is stored in application resources
AlamofireExtension(Bundle.main).certificates - returns it.
Session:
private let session: Session = {
let manager = ServerTrustManager(evaluators: ["com.my.host.here": PinnedCertificatesTrustEvaluator(certificates: AlamofireExtension(Bundle.main).certificates, acceptSelfSignedCertificates: true, performDefaultValidation: false, validateHost: false)])
let config = URLSessionConfiguration.default
config.timeoutIntervalForRequest = 60
config.timeoutIntervalForResource = 60
config.httpMaximumConnectionsPerHost = 2
return Session(configuration: config, serverTrustManager: manager)
}()
.plist configuration:
Purpose is to use a self-signed certificate to validate the server without disabling validation and allowing insecure connections.
Note com.my.host.here is not my real hostname, I changed it for privacy reasons.
And here the result:
Task <715E277D-6BAA-4926-91AA-1060903D2924>.<1> HTTP load failed, 0/0 bytes (error code: -1200 [3:-9802])
my_app[12152:5481718] Task <715E277D-6BAA-4926-91AA-1060903D2924>.<1> finished with error [-1200] Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, NSErrorPeerCertificateChainKey=(
"<cert(0x160039a00) s: com.my.host.here i: com.my.host.here>"
), NSErrorClientCertificateStateKey=0, NSErrorFailingURLKey=https://com.my.host.here:8043/some_end_point_here, NSErrorFailingURLStringKey=https://com.my.host.here:8043/some_end_point_here, NSUnderlyingError=0x281354870 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x282f35320>, _kCFNetworkCFStreamSSLErrorOriginalValue=-9802, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9802, kCFStreamPropertySSLPeerCertificates=(
"<cert(0x160039a00) s: com.my.host.here i: com.my.host.here>"
)}}, _NSURLErrorRelatedURLSessionTaskErrorKey=(
"LocalDataTask <715E277D-6BAA-4926-91AA-1060903D2924>.<1>"
), _kCFStreamErrorCodeKey=-9802, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <715E277D-6BAA-4926-91AA-1060903D2924>.<1>, NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0x282f35320>, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made.}
Questions is: What is the problem? Is it a problem with the certificate, or with the server side settings? and maybe something else?
You need to change NSExceptionAllowsInsecureHTTPLoads to YES.
NSExceptionAllowsInsecureHTTPLoads
Set the value for this key to YES to allow insecure HTTP loads for the given domain, or to be able
to loosen the server trust evaluation requirements for HTTPS
connections to the domain, as described in Performing Manual Server
Trust Authentication.
I have developed an app in Xcode10 with Swift (app name: "TerminalsPOC"). I am making an https request to my organization’s internal web api (let's call the url "https://example.com:50001/RESTAdapter/toolbox/getMyData") using Alamofire. I have a class with a class-level variable to reference a session manager:
// Swift code
let serverTrustPolicies: [String: ServerTrustPolicy] = [
“example.com": .pinCertificates(
certificates: ServerTrustPolicy.certificates(in: Bundle(for: type(of: self))),
validateCertificateChain: false,
validateHost: true
)
]
sessionManager = SessionManager(
serverTrustPolicyManager: ServerTrustPolicyManager(policies: serverTrustPolicies)
)
sessionManager.request(url, method: .get) ...
I have imported the necessary .cer certificate into the app’s bundle. I have left the default ATS settings, but have added an NSExceptionDomain. The relevant info.plist section looks like
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoadsInWebContent</key>
<false/>
<key>NSAllowsArbitraryLoads</key>
<false/>
<key>NSExceptionDomains</key>
<dict>
<key>example.com</key>
<dict>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSIncludesSubdomains</key>
<true/>
</dict>
This works so long as the NSExceptionAllowsInsecureHTTPLoads setting is set to true. If I set it to false, the request fails with the message: An SSL error has occurred and a secure connection to the server cannot be made. [-1200]
2018-12-07 11:55:42.122423-0700 TerminalsPOC[27191:371810] ATS failed
system trust 2018-12-07 11:55:42.122530-0700
TerminalsPOC[27191:371810] System Trust failed for [2:0x600001fad740]
2018-12-07 11:55:42.122637-0700 TerminalsPOC[27191:371810] TIC SSL
Trust Error [2:0x600001fad740]: 3:0
2018-12-07 11:55:42.125928-0700
TerminalsPOC[27191:371810] NSURLSession/NSURLConnection HTTP load
failed (kCFStreamErrorDomainSSL, -9802)
2018-12-07 11:55:42.126109-0700 TerminalsPOC[27191:371810] Task
<54567E3C-2BBC-4227-9C0A-FC60370A10AA>.<1> HTTP load failed (error
code: -1200 [3:-9802])
2018-12-07 11:55:42.126872-0700
TerminalsPOC[27191:371812] Task
<54567E3C-2BBC-4227-9C0A-FC60370A10AA>.<1> finished with error - code:
-1200
2018-12-07 11:55:42.140600-0700 TerminalsPOC[27191:371810] Task <54567E3C-2BBC-4227-9C0A-FC60370A10AA>.<1> load failed with error
Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred
and a secure connection to the server cannot be made."
UserInfo={NSLocalizedRecoverySuggestion=Would you like to connect to
the server anyway?, _kCFStreamErrorDomainKey=3,
NSErrorPeerCertificateChainKey=(
"",
"" ), NSErrorClientCertificateStateKey=0,
NSErrorFailingURLKey=https://example.com:50001/RESTAdapter/toolbox/getMyData,
NSErrorFailingURLStringKey=https://example.com:50001/RESTAdapter/toolbox/getMyData,
NSUnderlyingError=0x6000024e89f0 {Error Domain=kCFErrorDomainCFNetwork
Code=-1200 "(null)"
UserInfo={_kCFStreamPropertySSLClientCertificateState=0,
kCFStreamPropertySSLPeerTrust=,
_kCFNetworkCFStreamSSLErrorOriginalValue=-9802, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9802, kCFStreamPropertySSLPeerCertificates=(
"",
"" )}}, _NSURLErrorRelatedURLSessionTaskErrorKey=(
"LocalDataTask <54567E3C-2BBC-4227-9C0A-FC60370A10AA>.<1>" ), _kCFStreamErrorCodeKey=-9802, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <54567E3C-2BBC-4227-9C0A-FC60370A10AA>.<1>,
NSURLErrorFailingURLPeerTrustErrorKey=,
NSLocalizedDescription=An SSL error has occurred and a secure
connection to the server cannot be made.} [-1200]
I tried running “nscurl --ats-diagnostics https://example.com:50001/RESTAdapter/toolbox/getMyData”, and the response included the following:
Default ATS Secure Connection
--- ATS Default Connection Result : PASS
========
Allowing Arbitrary Loads
--- Allow All Loads Result : PASS
========= Configuring TLS exceptions for example.com
--- TLSv1.3 2018-12-07 10:59:17.492 nscurl[24303:331847] NSURLSession/NSURLConnection HTTP load failed
(kCFStreamErrorDomainSSL, -9800) Result : FAIL
--- TLSv1.2 Result : PASS
--- TLSv1.1 Result : PASS
--- TLSv1.0 Result : PASS
============ Configuring PFS exceptions for example.com
--- Disabling Perfect Forward Secrecy Result : PASS
========== Configuring PFS exceptions and allowing insecure HTTP for example.com
--- Disabling Perfect Forward Secrecy and Allowing Insecure HTTP Result : PASS
This all looks OK to me. I must be missing something.
So my questions are:
1. Why does setting the NSExceptionAllowsInsecureHTTPLoads to true cause the call to work, given that it is an https request (with no redirect)? I thought this setting only affects http calls, and should not affect https calls.
2. How can I get this web request to work without setting NSExceptionAllowsInsecureHTTPLoads (which seems to be a hack/work-around, doesn’t it)?
The problem in this case was that the app was running on a simulator on which the required certificate had not been installed.
Once the correct (root) certificate had been installed and trusted, the pinned certificate check passed, and it was then possible to set the NSExceptionAllowsInsecureHTTPLoads info.plist setting back to "NO".
I wish the error message had been more explicit. :-/
I developing an iPhone application..and i facing one problem that i need to download an mp3 file from some FTP server and i used NSURLConnection with NSURLRequest
But every time i facing this error
error Error Domain=NSURLErrorDomain Code=-1001 "The request timed out." UserInfo=0x187650 {NSErrorFailingURLStringKey=ftp://....../you.mp3, NSErrorFailingURLKey=ftp://....you.mp3, NSLocalizedDescription=The request timed out., NSUnderlyingError=0x17cb20 "The request timed out."}
What is this mean and how can i download this file OR correct this error??
NOTE: I did this exapme using HTTP server and it worj JUST for FTP give this error
any advice please :)