Thanks again. It's working properly with this configuration:

<dict>
    <key>NSAppTransportSecurity</key>
    <dict>
        <key>NSExceptionDomains</key>
        <dict>
            <key>sedeaplicaciones.minetur.***.es</key>
            <dict>
                <key>NSExceptionMinimumTLSVersion</key>
                <string>TLSv1.0</string>
            </dict>
            <key>www.boe.es</key>
            <dict>
                <key>NSExceptionRequiresForwardSecrecy</key>
                <false/>
            </dict>
        </dict>
    </dict>
Thanks for your help. I am trying to configure another URL for which I received an error, and it's not working. I launch the command:

openssl s_client -connect sedeaplicaciones.minetur.***.es:443

And the result is:

CONNECTED(00000005)
depth=1 C = ES, O = Firmaprofesional S.A., OU = Security Services, serialNumber = A62634068, CN = AC Firmaprofesional - INFRAESTRUCTURA
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/C=ES/ST=MADRID/L=MADRID/O=MINISTERIO DE INDUSTRIA, COMERCIO Y TURISMO/2.5.4.97=VATES-S2800214E/serialNumber=S2800214E/CN=sedeaplicaciones.minetur.***.es
i:/C=ES/O=Firmaprofesional S.A./OU=Security Services/serialNumber=A62634068/CN=AC Firmaprofesional - INFRAESTRUCTURA
1 s:/C=ES/O=Firmaprofesional S.A./OU=Security Services/serialNumber=A62634068/CN=AC Firmaprofesional - INFRAESTRUCTURA
i:/C=ES/CN=Autoridad de Certificacion Firmaprofesional CIF A62634068
---
Server certificate
subject=/C=ES/ST=MADRID/L=MADRID/O=MINISTERIO DE INDUSTRIA, COMERCIO Y TURISMO/2.5.4.97=VATES-S2800214E/serialNumber=S2800214E/CN=sedeaplicaciones.minetur.***.es
issuer=/C=ES/O=Firmaprofesional S.A./OU=Security Services/serialNumber=A62634068/CN=AC Firmaprofesional - INFRAESTRUCTURA
---
No client certificate CA names sent
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3858 bytes and written 334 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1
Cipher : ECDHE-RSA-AES256-SHA
Session-ID: 843100002732FA3A6A6512B3A716B16ABDDA72355069FC1D549F83B29D3B8A02
Session-ID-ctx:
Master-Key: E7379A467496E2FD38D62BE51313C09CDBD923EBE9E52BBF1223AE7AA75212E68A687FAB453AB64280B36A5DDC8B90AB
Start Time: 1580318913
Timeout : 7200 (sec)
Verify return code: 0 (ok)
---

I think that it is not the same error because this certificate supports ECDHE, but I am still receiving the 1200 error. More specifically:

Optional(Error Domain=NSURLErrorDomain Code=-1200 "Se ha producido un error de SSL y no puede establecerse una conexión segura con el servidor."
UserInfo={NSLocalizedDescription=Se ha producido un error de SSL y no puede establecerse una conexión segura con el servidor.,
NSLocalizedRecoverySuggestion=¿Quieres conectarte al servidor de todos modos?, _kCFStreamErrorCodeKey=-9801, NSErrorFailingURLStringKey=
https://sedeaplicaciones.minetur.***.es/ReclamacionesTELCO_Nueva/FrmSolicitud.aspx, _kCFStreamErrorDomainKey=3, NSUnderlyingError=0x17d22b00
{Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFNetworkCFStreamSSLErrorOriginalValue=-9801, _kCFStreamErrorCodeKey=-9801,
_kCFStreamErrorDomainKey=3, _kCFStreamPropertySSLClientCertificateState=0}},
NSErrorFailingURLKey=https://sedeaplicaciones.minetur.***.es/ReclamacionesTELCO_Nueva/FrmSolicitud.aspx})
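
Added example (not part of the original thread, and not the poster's or Apple's code): the `SSL-Session` block of `openssl s_client` output is enough to work out the narrowest per-domain ATS exception a host needs, rather than reaching for `NSAllowsArbitraryLoads`. It assumes ATS's documented defaults of TLS 1.2 and an ECDHE key exchange; the function names and the second sample are constructed for illustration.

```python
import re

# ATS defaults (Apple documentation): TLS 1.2 or later, and a
# forward-secret (ECDHE) key exchange.
ATS_MIN_TLS = (1, 2)

# openssl s_client protocol label -> (version tuple, ATS plist value)
PROTOCOLS = {
    "TLSv1":   ((1, 0), "TLSv1.0"),
    "TLSv1.1": ((1, 1), "TLSv1.1"),
    "TLSv1.2": ((1, 2), "TLSv1.2"),
    "TLSv1.3": ((1, 3), "TLSv1.3"),
}

def parse_s_client(output):
    """Pull the negotiated protocol and cipher out of the SSL-Session block."""
    proto = re.search(r"^\s*Protocol\s*:\s*(\S+)", output, re.M)
    cipher = re.search(r"^\s*Cipher\s*:\s*(\S+)", output, re.M)
    if not proto or not cipher:
        raise ValueError("no SSL-Session block: handshake did not complete")
    return proto.group(1), cipher.group(1)

def ats_exceptions(output):
    """Return the narrowest ATS exception keys this handshake would need."""
    proto, cipher = parse_s_client(output)
    if proto not in PROTOCOLS:
        raise ValueError("protocol %r cannot be allowed by an ATS exception" % proto)
    version, plist_value = PROTOCOLS[proto]
    needed = {}
    if version < ATS_MIN_TLS:
        needed["NSExceptionMinimumTLSVersion"] = plist_value
    # TLS 1.3 suites are always forward secret; earlier ones need ECDHE.
    if version < (1, 3) and not cipher.startswith("ECDHE-"):
        needed["NSExceptionRequiresForwardSecrecy"] = False
    return needed

# Lines copied from the s_client output in the post above.
POSTED = """New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA
SSL-Session:
    Protocol  : TLSv1
    Cipher    : ECDHE-RSA-AES256-SHA
"""
# Constructed sample: TLS 1.2 with a static-RSA suite (no forward secrecy).
CONSTRUCTED = "SSL-Session:\n    Protocol  : TLSv1.2\n    Cipher    : AES256-SHA\n"

if __name__ == "__main__":
    print(ats_exceptions(POSTED))
    print(ats_exceptions(CONSTRUCTED))
```

For the posted handshake this yields only `NSExceptionMinimumTLSVersion` set to `TLSv1.0`, which matches the exception the poster reports as working for that host.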
Thanks eskimo. I will check it.
One of the URLs is: https://www.boe.es/notificaciones/notificaciones_historico.php?auth=clave
I am trying to configure my info.plist but it's not working. My configuration is the following, but with this configuration my app is not calling my delegate class.

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>boe.es</key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSExceptionAllowsInsecureHTTPLoads</key>
            <true/>
        </dict>
    </dict>
</dict>

Is this configuration not correct?
Thank you very much for your support. In this case, I have no way of shouting at the people who maintain those servers, so that option is not possible. Given that the user is only going to access the urls that the app offers, I will try to manage it including NSExceptionDomains entries.
Thanks for your response. I have tried to enable NSAllowsArbitraryLoads and in this case my delegated class runs correctly and I can reach the urls that did not arrive before. In this case, what is the best solution to use?
Thanks for your reply. I answer by parts.

Regarding the first question, indicate that I have based on a code that I have found searching on the Internet and it is true that reviewing the execution of my app, never enters that code fragment, so, I understand that this part could be expendable.

Regarding the global vision of my app, I explain it below. The app aims to serve as a single point of access to online procedures of different Spanish public administrations to facilitate daily procedures with the administration (the android version is this https://play.google.com/store/apps/details?id=com.tramite&hl=en). Therefore, I need to be able to rely on access to urls of various administrations. My problem is that the code of my delegated class is executed for the majority when making the call to the url, but for a couple of them it is not, and I do not understand the reason.
Sorry, I couldn't edit my post. I write my code in this comment:

The code on my connection class:

    let delegate: URLSessionDelegate = SessionDelegate() as URLSessionDelegate
    let urlSession = URLSession(configuration: .default, delegate: delegate, delegateQueue: nil)
    let task = urlSession.dataTask(with: request as URLRequest)
    { data, response, error in
        if error == nil
        {
            var htmlCode: String = ""
            if charset == Constantes.CHARSET_UTF8
            {
                htmlCode = String(data: data!, encoding: .utf8)!
            }
            else
            {
                htmlCode = String(data: data!, encoding: .ascii)!
            }
            callback(htmlCode, nil)
            return
        }
        else
        {
            callback("", error.debugDescription)
        }
    }
    task.resume()

Delegate Class:

    import Foundation
    import Security

    class SessionDelegate:NSObject, URLSessionDelegate
    {
        let certificadosName: [String] = ["AC_Administracion_Publica","ac_raiz_fnmt","Camerfirma_AAPP_II_Chambers_of_Commerce_Root","Camerfirma_Corporate_Server_II_Chambers_of_Commerce_Root","Chambers_of_Commerce_Root","claveRaiz","DigiCert_High_Assurance_EV_Root_CA","Entrust_Root_Certification_Authority_G","GeoTrust_SSL_CA_G_GeoTrust_Global_CA","Izenpe_com"]
        let certFileType = "cer"
        func urlSession(_ session: URLSession, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
            guard challenge.previousFailureCount == 0 else {
                challenge.sender?.cancel(challenge)
                // Inform the user that the user name and password are incorrect
                completionHandler(.cancelAuthenticationChallenge, nil)
                return
            }
            if challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust
                && challenge.protectionSpace.serverTrust != nil
            {
                let trust = challenge.protectionSpace.serverTrust
                // Load the CA certificates bundled with the app
                var certs: [SecCertificate] = [SecCertificate]()
                for certificadoName in certificadosName
                {
                    let pem = Bundle.main.url(forResource: certificadoName, withExtension: certFileType)
                    let data = NSData(contentsOf: pem!)
                    let cert = SecCertificateCreateWithData(nil, data!)
                    certs.append(cert!)
                }
                // After this call only the bundled certificates are trusted as anchors for this trust object
                SecTrustSetAnchorCertificates(trust!, certs as CFArray)
                var result=SecTrustResultType.invalid
                if SecTrustEvaluate(trust!,&result)==errSecSuccess {
                    if result==SecTrustResultType.proceed || result==SecTrustResultType.unspecified {
                        let proposedCredential = URLCredential(trust: trust!)
                        completionHandler(.useCredential,proposedCredential)
                        return
                    }
                }
            }
            // Any other challenge, or a failed evaluation, falls back to the system's default handling
            completionHandler(.performDefaultHandling, nil)
        }
    }
I have finally resolved the error. The problem was not in this class, which works perfectly, the problem was that the parameter that was received was not properly scraped to use as a parameter. So I have created this function to encode the parameters before calling the class that I posted previously.

    func encodeParamenters(parametro: String) -> String {
        let allowedCharacterSet = (CharacterSet(charactersIn: "!*'();:@&=+$,/?%#[] ").inverted)
        let escapedString = parametro.addingPercentEncoding(withAllowedCharacters: allowedCharacterSet) ?? ""
        return escapedString
    }