After changing server to ssl ( http --> https ), I'm getting failure block executed and generating the error such as
request timed out
I know AFXMLRequestOperation is subclass of AFHTTPRequestOperation which is a subclass of AFURLConnectionOperation for requests using the HTTP or HTTPS protocols. Therefore, I thought I could get some response back from server, not the above error .
Does anybody experience it before, please help. Any comments are welcomed.
Thanks
It's possible that the ssl certificate you're using on your server is self signed or is not signed by a suitable certificate authority. I would start by investigating that, and then take steps to force your app to connect to the server even though the certificate is abnormally signed.
Related
CocoaMQTT client is running on iOS15 with the SSL enabled as shown in this example. The cert_key.p12 file was merged from the client.crt and client.key files signed by the same (self-created) CA that was used for the MQTT server/broker certificate generation. The MQTT broker is configured to require client's certificate and use its CN as the username. The handshake does not go well - the log complains about the unknown certificate:
New connection from 192.168.1.87 on port 8883.
OpenSSL Error[0]: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown
Based on the above error research, the broker does not like the client's certificate, right? In fact, looking at the wireshark's log, it seems like the client does not send the certificate to the server. Is that something I need to enable in the App configuration? Does the Swift CocoaMQTT package even support this feature (provide the cert to the broker)?
EDIT:
I tried running a client with the same cert/key with paho mqtt implemented in python, which also allows to provide the client with the CA certificate, and everything runs ok:
Trying using the same client's cert/key in CocoaMQTT implemented in iOS15 shows the MQTT broker log error message as above and the fatal alert shows up the the wireshark log:
Initially, I thought that the sever did not like (or did not receive) the client's certificate, but that fatal alert package destination is port 8883. So now I tend to believe that it's the client, who does not like the server's certificate. This is expected if the client uses the pool of official CAs to verify the certificate instead of recognizing that its own certificate was issued by the same CA as the server's one. This is further confirmed by setting the allowUntrustCACertificate = true and seems like the handshake is suspended and no more communication occurs:
There's also a debug message on the client's side:
Call the SSL/TLS manually validating function
So it looks like the client will not continue the communication until this validation process occurs. As #Brits mentioned in his comment, there's a callback to validate the cert manually but it is implemented as a part of the delegate. I do see that there's a method mqtt.didReceiveTrust which I assume should be used for cert validation, and I wish to use the closures approach as stated on the README page as giving an example for the didReceiveMessage methond:
Now you can use closures instead of CocoaMQTTDelegate:
mqtt.didReceiveMessage = { mqtt, message, id in
print("Message received in topic \(message.topic) with payload \(message.string!)")
}
With a weak understanding of Swift Closures, I am not able to figure out how to make that function all, so the question now becomes: how to convert that function from the delegate definition into the closure?
I am using chrome.sockets.tcp API to create a secure connection. No errors are being encountered when connecting using a trusted certificate.
However, I'm facing error -202 (CERT_AUTHORITY_INVALID) (among other possible [certificate errors][2]) when trying to connect to a server with a self-signed/untrusted certificate.
Is it possible to warn the user about the invalid certificate and provide the option to continue with the connection? (similar to the way Chrome handles such situations)
Seeing nothing on the topic in the docs (and SocketsTcpSecureFunction::AsyncWorkStart(), the source code of chrome.sockets.tcp.secure, only verifies the certificate but doesn't try to handle the errors, it would only report them back) I'd conclude there's no way to interactively handle this predicament.
Maybe you can import the certificate on the client machine but it won't help other users of the site unless they're willing to do the same.
I am getting an error "An SSL error has occurred and a secure connection to the server cannot be made".
Same code is working fine while communicating with another server, i want to make sure whether the issue is due the certificate on server.
Its because of the server that you are hitting is HTTPS server. It requires an SSL check.
please check the url of the server you are communicating with , it must be using HTTPS , try using the service with HTTP.
I need your help :)
I'm about changing the http request into a https request from my app. For now I have used ASIHTTPRequest and followed this tutorial. You have to know that I am a total beginner in this area of https and ssl. I appreciate any help, really.
This is the code of my http request:
- (void)fetchDataFromServer{
// Create Instance
ASIFormDataRequest *request = [[ASIFormDataRequest alloc] initWithURL:url];
// Parameter der POST Anfrage setzen
[request setPostValue:#"anything" forKey:#"app_action"];
[request setValidatesSecureCertificate:NO]; // no certificate so far
request.delegate = self; // assign delegate
[request startAsynchronous]; // send request
}
That worked fine. But now I need to protect the data connection and therefore I have to use https.
How can I realize this need? Is ASIHTTPRequest the right thing for that and it is even supporting that? What do I need to know of the certificate in the server?
Please tell me everything you know :)
Thank you very much - you're the best.
Regards
Chris
Certificate validation is a good thing and should nearly always be done. You do not need to disable it for HTTP requests.
There is really only one exception to this rule. If you must connect to a HTTPS web service which does not have a properly signed certificate by a trusted certificate authority, then you must to turn certificate validation off.
Why your web service might not have a valid certificate
You're being hacked! This is the reason for certificates and certificate validation.
The web service is running on a badly configured SSL server.
The certificate has expired and the server isn't being kept up.
The owner of the web service is too cheap to pay for having his certificate signed by a trusted certificate authority.
A development server that isn't exposed to the public may not be worth the trouble of getting a signed certificate.
How to know if the web service doesn't have a properly signed certificate
Visit the web service in a web browser and see if you get a certificate error.
Check for an invalid certificate error within your app.
Alternatives to turning certificate validation off
Get your certificate signed by a trusted certificate authority.
Create your own certificate authority, sign your certificate with your own certificate authority, and install your certificate authority as a trusted certificate authority on the iOS device.
My application uses ASIHttpRequest for my server communication. I have a requirement that I should block HTTP protocol cos I dont wont to transmit that data over insecure link. So only SSL over HTTPS will be allowed. Also even thought the link is HTTPS I need to ensure that I am calling to the correct certificate. So I need a server certificate validation in my code. Please guide me how to do this.
I researched on this. I found few possible answers. One is to create a client certificate and do the validation. Also there are ways to "Client certificates support" under ASIHttpRequest documentation. So how to achieve my requirements above. Also integration of CFNetwork code into ASIHttpRequest will also do.
Regards,
Dilshan
You can get a validated certificate from an certificate authority like StartSSL or Thawte. Then iOS checks if the certificate is trusted by an authority. iOS comes with different trusted authorites.
If the server certificate is not validated by an authority the connection is rejected.
You don't need to do something special in code. Only use a https connection.