My request looks as such
let headers = ["Host:" : "www.fortune500companysite.com", "User-Agent" : "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:50.0) Gecko/20100101 Firefox/50.0", "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "Accept-Language" : "en-US,en;q=0.5", "Connection" : "keep-alive", "Upgrade-Insecure-Requests" : "1"]
let request = formatRequest(url: "https://www.fortune500companysite.com/", method: "GET", headers: headers, dataString: nil)
I need help formatting my info.plist so that the request (and subdomain requests) works and the app is approvable by apple.
Sending the request off only works with:
<dict>
<!--Include to allow all connections (DANGER)-->
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
Which as we know, is a one way ticket to getting your app rejected by apple. Without it, I get the following error:
nw_coretls_read_one_record tls_handshake_process: [-9824]
error: Optional(Error Domain=NSURLErrorDomain Code=-1005 "The network connection was lost." UserInfo={NSUnderlyingError=0x60800004ea60 {Error Domain=kCFErrorDomainCFNetwork Code=-1005 "(null)" UserInfo={_kCFStreamErrorCodeKey=54, _kCFStreamErrorDomainKey=1}}, NSErrorFailingURLStringKey=https://www.fortune500companysite.com/, NSErrorFailingURLKey=https://www.fortune500companysite.com/, _kCFStreamErrorDomainKey=1, _kCFStreamErrorCodeKey=54, NSLocalizedDescription=The network connection was lost.})
This code I found in someone else's question doesn't help either
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>fortune500companysite.com</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSExceptionRequiresForwardSecrecy</key>
<true/>
<key>NSExceptionMinimumTLSVersion</key>
<string>TLSv1.2</string>
<key>NSThirdPartyExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
<true/>
<key>NSThirdPartyExceptionMinimumTLSVersion</key>
<string>TLSv1.2</string>
<key>NSRequiresCertificateTransparency</key>
<false/>
</dict>
</dict>
</dict>
Related
i keep sending get requests via alaomfire with those settings:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>domain.com</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSExceptionAllowInsecureHTTPSLoads</key>
<true/>
<key>NSExceptionRequiresForwardSecrecy</key>
<false/>
<key>NSThirdPartyExceptionAllowInsecureHTTPSLoads</key>
<true/>
</dict>
</dict>
</dict>
But i still get:
An SSL error has occurred and a secure connection to the server cannot be made
Could anybody explain this issue to me?
Thanks and Greetings!
I get this error when I am trying to connect my Swift Mac OS app to a page running on a sever on my localhost. I have made sure the server is up and running.
This is my info.plist file:
<plist version="1.0">
<dict>
<key>UIBackgroundModes</key>
<array>
<string></string>
</array>
<key>NSLocationAlwaysUsageDescription</key>
<string>Location Service always in use</string>
<key>UIRequiredDeviceCapabilities</key>
<array>
<string></string>
</array>
<key>CFBundleIdentifier</key>
<string>$(PRODUCT_BUNDLE_IDENTIFIER)</string>
<key>CFBundleInfoDictionaryVersion</key>
<string>6.0</string>
<key>LSApplicationCategoryType</key>
<string></string>
<key>CFBundleShortVersionString</key>
<string>1.0</string>
<key>CFBundleExecutable</key>
<string>$(EXECUTABLE_NAME)</string>
<key>CFBundleVersion</key>
<string>1</string>
<key>NSMainStoryboardFile</key>
<string>Main</string>
<key>NSPrincipalClass</key>
<string>NSApplication</string>
<key>CFBundlePackageType</key>
<string>APPL</string>
<key>NSLocationWhenInUseDescrciption</key>
<string>Location Needed</string>
<key>CFBundleIconFile</key>
<string></string>
<key>LSMinimumSystemVersion</key>
<string>$(MACOSX_DEPLOYMENT_TARGET)</string>
<key>CFBundleDevelopmentRegion</key>
<string>en</string>
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>17.83.148.252</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSExceptionRequiresForwardSecrecy</key>
<false/>
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSTemporaryExceptionMinimumTLSVersion</key>
<string>TLSv1.1</string>
</dict>
</dict>
</dict>
<key>NSHumanReadableCopyright</key>
<string>Copyright © 2017 Meghalee. All rights reserved.</string>
<key>CFBundleName</key>
<string>$(PRODUCT_NAME)</string>
<key>NSAllowsArbitraryLoads</key>
<string>YES</string>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<string></string>
</dict>
</plist>
And this is the part of the code that tries to access the page. It is from the swift app. There is no error when I build my project. I can't use NSURL as this version of Swift does not have NSUrl it got changed to URLSession, URLRequest and so on:
private func sendtoPHP(nSt : NetworkStatistics,lat : Double, long : Double )
{
var request = URLRequest(url: URL(string: "https://17.83.148.252/test.php")!)
request.httpMethod = "POST"
// let postString = "a=\(nSt.getCurrentSsid()!)&b=\(nSt.getRssiValue()!)&c=\(nSt.getNoiseMeasurement()!)&d=\(nSt.getWlanChannel()!)&e=\(nSt.getBssid()!)&f=\(nSt.getCountryCode()!)&g=\(nSt.getHardwareAddress()!)&h=\(nSt.getTransmitPower()!)&i=\(lat)&j=\(long)"
let postString = "a=\(nSt.getCurrentSsid()!)"
request.httpBody = postString.data(using: .utf8)
let task = URLSession.shared.dataTask(with: request) { data, response, error in
guard let data = data, error == nil else { // check for fundamental networking error
print("error=\(error)")
return
}
if let httpStatus = response as? HTTPURLResponse, httpStatus.statusCode != 200 { // check for http errors
print("statusCode should be 200, but is \(httpStatus.statusCode)")
print("response = \(response)")
}
let responseString = String(data: data, encoding: .utf8)
print("responseString = \(responseString)")
}
task.resume()
}
I have tried replacing 17.83.148.252 with localhost but it does not work.
Here is the detailed error description:
2017-03-08 11:53:40.453196 NetworkHealth_Mac[56146:753522] Unfiltered exception: SSLHostname
2017-03-08 11:53:40.479160 NetworkHealth_Mac[56146:753489] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9843)
error=Optional(Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “17.83.148.252” which could put your confidential information at risk." UserInfo={NSURLErrorFailingURLPeerTrustErrorKey= NSLocalizedDescription=The certificate for this server is invalid. You might be connecting to a server that is pretending to be “17.83.148.252” which could put your confidential information at risk., NSErrorFailingURLKey=https://17.83.148.252/test.php, NSErrorFailingURLStringKey=https://17.83.148.252/test.php, NSErrorClientCertificateStateKey=0})
Yes I already tried that.Please look at my info.plist, the key NSAppTransportSecurity is there.I found the solution to this. The problem was, I was using a Mac OS server to run the PHP file in the server. Interestingly when I was running localhost/test.php it was working from the browser but not from my swift program (which is on the same machine) .I used this link in my code : https://username-macbook-air.local/test.php instead of https://localhost/test.php. Seems like, when I use localhost , the access is blocked saying "the server does not have a certificate" , even if I include :
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>localhost</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSExceptionRequiresForwardSecrecy</key>
<false/>
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSTemporaryExceptionMinimumTLSVersion</key>
<string>TLSv1.1</string>
</dict>
</dict>
</dict>
So I figured that Swift 3 in OS X needs a secure connection with an SSL certificate, which is there by default but we just have to find the correct link.
I got the following error while establishing an HTTPs (Secure HTTP) connection in Swift 2 and iOS9:
[NSLocalizedDescription: An SSL error has occurred and a secure connection to the server cannot be made., NSLocalizedRecoverySuggestion: Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey: 3, NSUnderlyingError: Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9802, _kCFStreamErrorCodeKey=-9802, _kCFStreamErrorDomainKey=3, kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x175bc540>, kCFStreamPropertySSLPeerCertificates=<CFArray 0x175bd200 [0x3c11cca8]>{type = immutable, count = 1, values = (
0 : <cert(0x175bbf90) s: example.com i: example.com>
)}}, _kCFStreamErrorCodeKey: -9802, NSErrorFailingURLStringKey: https://example.com.com:pppp/, NSErrorPeerCertificateChainKey: (
"<cert(0x175bbf90) s: example.com i: example.com.com>"
), NSErrorClientCertificateStateKey: 0, NSURLErrorFailingURLPeerTrustErrorKey: <SecTrustRef: 0x175bc540>, NSErrorFailingURLKey: https://example.com:pppp/]
I want to know the exact exact reason of this issue and how can I find exact reason of an SSL issue?
I got the following output from curl command:
I also did the following changes in info.plist:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>example.com</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<false/>
<key>NSExceptionMinimumTLSVersion</key>
<string>TLSv1.1</string>
<key>NSExceptionRequiresForwardSecrecy</key>
<false/>
</dict>
</dict>
</dict>
Still I am getting error in app and not able to connect to server.
Please anyone can give me an example or link for implementing SSL pinning with self signed certificate in iOS 9 and Xcode 7.
This question already has answers here:
Transport security has blocked a cleartext HTTP
(29 answers)
Closed 7 years ago.
Whenever I try to load a url or gain the data from a specific URL that follows the http:// format. Xcode returns me with this error
NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9802)
How can I fix/work my way around this
I am not sure but you have to update your info.plist file by adding this key:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key><true/>
</dict>
Or you can add it another way and it will look like:
Or you can add a specific domain like:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>yourserver.com</key>
<dict>
<!--Include to allow subdomains-->
<key>NSIncludesSubdomains</key>
<true/>
<!--Include to allow HTTP requests-->
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>
<!--Include to specify minimum TLS version-->
<key>NSTemporaryExceptionMinimumTLSVersion</key>
<string>TLSv1.1</string>
</dict>
</dict>
</dict>
Original Post here for that.
I am dynamically generating (in a PHP script) a .mobileconfig file for iOS devices and then serve it over the web. I am delivering the file with the application/x-apple-aspen-config content type and with Content disposition as attachment;filename=myprofile.mobileconfig.
My problem is I keep getting an error that says: Safari could not install a profile due to an unknown error. What am I doing wrong? See the mobileconfig file below:
$content = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
<!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\">
<plist version=\"1.0\">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>DefaultsData</key>
<dict>
<key>apns</key>
<array>
<dict>
<key>apn</key>
<string>$apnName</string>
<key>password</key>
<string>$password</string>
<key>proxy</key>
<string></string>
<key>proxyPort</key>
<integer></integer>
<key>username</key>
<string>$userName</string>
</dict>
</array>
</dict>
<key>DefaultsDomainName</key>
<string>com.apple.managedCarrier</string>
</dict>
</array>
<key>PayloadDescription</key>
<string><removed before posting here></string>
<key>PayloadDisplayName</key>
<string><removed before posting here></string>
<key>PayloadIdentifier</key>
<string><removed before posting here></string>
<key>PayloadOrganization</key>
<string><removed before posting here></string>
<key>PayloadType</key>
<string>com.apple.apn.managed</string>
<key>PayloadUUID</key>
<string>8B9A29CC-7C6E-4E32-B4AD-18ED3FDDB64D</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</array>
<key>PayloadDescription</key>
<string><removed before posting here></string>
<key>PayloadDisplayName</key>
<string><removed before posting here></string>
<key>PayloadIdentifier</key>
<string><removed before posting here></string>
<key>PayloadOrganization</key>
<string><removed before posting here></string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>975760AB-9CCE-4496-9D2F-04FD605DDBB9</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>";
I am getting this issue both in the simulator and iPhone 3G and iPhone 4 devices.
The problem is that although proxy and proxyPort are optional, if proxyPort is included and is null, as in my xml then the profile won't install and will throw that annoying error. The solution is to remove it if it's not necessary.