I created the self-signed certificate myself with openssl and SHA-256 as follows:
openssl req -x509 -nodes -sha256 -days 365 -newkey rsa:2048 -keyout server.key -out server.crt
and I installed it correctly on my AMPPS server by setting up the httpd-ssl.conf file. If I try to execute, in a web browser:
https:
I can see that the connection uses TLS 1.2. When I run my application in the iOS 9 simulator, I assume that the error (9813) occurs because my certificate is self-signed. Is there any way to allow it anyway for my test purposes? I read here that I have to add some function to the AppDelegate.swift class, but it does not seem to work.
This is the full error message I get:
NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813)
Optional(Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be "localhost" which could put your confidential information at risk." UserInfo= {NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0x7fc492d54cf0>, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9813, NSErrorPeerCertificateChainKey=<CFArray 0x7fc492cc4bc0 [0x103cb67b0]>{type = immutable, count = 1, values = (
0 : <cert(0x7fc492d520c0) s: Lorenzo Vinci i: Lorenzo Vinci>
)}, NSUnderlyingError=0x7fc492cc1370 {Error Domain=kCFErrorDomainCFNetwork Code=-1202 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x7fc492d54cf0>, _kCFNetworkCFStreamSSLErrorOriginalValue=-9813, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9813, kCFStreamPropertySSLPeerCertificates=<CFArray 0x7fc492cc4bc0 [0x103cb67b0]>{type = immutable, count = 1, values = (
0 : <cert(0x7fc492d520c0) s: Lorenzo Vinci i: Lorenzo Vinci>
)}}}, NSLocalizedDescription=The certificate for this server is invalid. You might be connecting to a server that is pretending to be "localhost" which could put your confidential information at risk., NSErrorFailingURLKey=https://localhost/protected/excogitoweb/mobile/loginM.php? username=lorenzo&password=lorenzo, NSErrorFailingURLStringKey=https://localhost/protected/excogitoweb/mobile/loginM.p hp?username=lorenzo&password=lorenzo, NSErrorClientCertificateStateKey=0})
: Mac OS X Yosemite
1) openssl brew >= 1.0.2d
2) TLS 1.2 apache 2.4, MAMP apache 2.2. : AMPPS, apache 2.4.x
3) sha256 ( iOS 9)
openssl req -x509 -nodes -sha256 -days 365 -newkey rsa:2048 -keyout server.key -out server.crt
Place server.key and server.crt in /Applications/AMPPS/apache/conf
4) , ssl httpd.conf AMPPS
5) Edit /Applications/AMPPS/apache/conf/extra/httpd-ssl.conf as follows:
# TLS virtual host serving the AMPPS document root on localhost:443.
<VirtualHost localhost:443>
DocumentRoot "/Applications/AMPPS/www"
ServerName localhost
SSLEngine on
# Turns off SSLv2 and SSLv3 only; the TLS versions offered by the OpenSSL build stay enabled.
# NOTE(review): TLS 1.0/1.1 are presumably still accepted here; confirm whether only TLS 1.2 clients need to connect.
SSLProtocol all -SSLv2 -SSLv3
# The server's cipher preference wins over the client's; no SSLCipherSuite is set in this block.
SSLHonorCipherOrder on
# Self-signed certificate presented to clients.
SSLCertificateFile "/Applications/AMPPS/apache/conf/server.crt"
# Private key for the certificate above.
# NOTE(review): if it was created with `openssl req -nodes` it is stored unencrypted; keep the file readable only by the server account.
SSLCertificateKeyFile "/Applications/AMPPS/apache/conf/server.key"
</VirtualHost>
<IfModule ssl_module> ... </IfModule>
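6) On iOS 9 with NSURLSession the request still fails with error 9813, because the certificate is self-signed (untrusted). To get past this in a test setup, implement the NSURLSession delegate challenge method, for example: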
class LoginService: NSObject, NSURLSessionDelegate {
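/// Answers authentication challenges raised for tasks of this session.
///
/// The server's trust object is accepted without evaluation only when the
/// challenge is a server-trust challenge coming from `localhost`; every other
/// challenge falls back to the system's default handling. Accepting the trust
/// object as-is skips certificate chain and host name validation, so this
/// override is meant for a local test server and should not ship in a release
/// build.
///
/// - Parameter session: The session that owns the task.
/// - Parameter task: The task whose request triggered the challenge.
/// - Parameter challenge: The authentication challenge to answer.
/// - Parameter completionHandler: Called exactly once with the chosen
///   disposition and, for the accepted case, a credential built from the
///   server trust.
func URLSession(session: NSURLSession,
    task: NSURLSessionTask,
    didReceiveChallenge challenge: NSURLAuthenticationChallenge,
    completionHandler: (NSURLSessionAuthChallengeDisposition, NSURLCredential?)
    -> Void) {
    let space = challenge.protectionSpace

    // Only the self-signed test server on localhost gets the relaxed path;
    // any other host or challenge type keeps normal validation.
    let isLocalServerTrust =
        space.authenticationMethod == NSURLAuthenticationMethodServerTrust
        && space.host == "localhost"
    guard isLocalServerTrust else {
        completionHandler(NSURLSessionAuthChallengeDisposition.PerformDefaultHandling, nil)
        return
    }

    // serverTrust is optional; bind it instead of force-unwrapping so a
    // challenge without a trust object cannot crash the app.
    guard let trust = space.serverTrust else {
        completionHandler(NSURLSessionAuthChallengeDisposition.PerformDefaultHandling, nil)
        return
    }

    completionHandler(NSURLSessionAuthChallengeDisposition.UseCredential, NSURLCredential(forTrust: trust))
}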
...
func requestLoginWithURL (requestURL: NSURL, completionHandler: (success: Bool?) -> Void) {
let configuration =
NSURLSessionConfiguration.defaultSessionConfiguration()
let urlRequest: NSURLRequest = NSURLRequest(URL: requestURL)
let session = NSURLSession(configuration: configuration, delegate: self, delegateQueue:NSOperationQueue.mainQueue())
let task = session.dataTaskWithRequest(urlRequest, completionHandler: { (data: NSData?, response: NSURLResponse?, error: NSError?) -> Void in
...
}
URLSession , - , .
info.plist:
<!-- App Transport Security exception scoped to the localhost domain. -->
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>localhost</key>
<dict>
<!-- Extends the exception to subdomains of localhost. -->
<key>NSIncludesSubdomains</key>
<true/>
<!-- Permits insecure (plain HTTP) loads to this domain. NOTE(review): keep this exception limited to development builds. -->
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
</dict>
</dict>
</dict>