NSURLSession fails on TLS due to "TLS Trust evaluation failed(-9802)"

App & System Services Networking
chapo213 OP
Created Jan ’23
Replies 1
Boosts 0
Views 1.6k
Participants 2

Hi, I'm using NSURSessionDataTask in order to send REST command to remote server.

the server doesn't request client-side verification in TLS, but the client does request server authentication as implemented in the following code

if (challenge.protectionSpace.authenticationMethod ==
           NSURLAuthenticationMethodServerTrust) {
  NSURLCredential* credential =
      [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust];
  completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, nil);

However, even though I set the server certificate as "Trusted" I get the following failure :

2023-01-13 00:45:51.139349+0700 0x348f4 Default  0x0        7633 0 pas: (CFNetwork) System Trust Evaluation yielded stat
us(-9802)
2023-01-13 00:45:51.139390+0700 0x348f4 Error   0x0        7633 0 pas: (CFNetwork) ATS failed system trust
2023-01-13 00:45:51.139413+0700 0x348f4 Error   0x0        7633 0 pas: (CFNetwork) Connection 132: system TLS Trust eva
luation failed(-9802)
2023-01-13 00:45:51.139432+0700 0x348f4 Default  0x0        7633 0 pas: (CFNetwork) Connection 132: TLS Trust result -98
02
2023-01-13 00:45:51.139450+0700 0x348f4 Error   0x0        7633 0 pas: (CFNetwork) Connection 132: TLS Trust encountere
d error 3:-9802
2023-01-13 00:45:51.139467+0700 0x348f4 Error   0x0        7633 0 pas: (CFNetwork) Connection 132: encountered error(3:
-9802)
2023-01-13 00:45:51.139488+0700 0x348f4 Default  0x0        7633 0 pas: (CFNetwork) Connection 132: cleaning up
2023-01-13 00:45:51.139508+0700 0x348f4 Default  0x0        7633 0 pas: (CFNetwork) [com.apple.CFNetwork:Summary] Connec
tion 132: summary for unused connection {protocol=“(null)“, domain_lookup_duration_ms=0, connect_duration_ms=0, secure_connection_duration_ms=0
, private_relay=false, idle_duration_ms=0}

I also tried to connect the same URL from various browsers, and it passed those security checks...

How can I figure out what is the problem here? I made sure that the server certificate is set to trusted on system keychain, and my process is running in elevated user mode.

I know how to disable this check, but I prefer to understand exactly what It means and fix the certificate chain if needed. thanks

Replies  1
Boosts  0
Views  1.6k
Participants  2
Systems Engineer OP
Apple
Jan ’23

First, I'll recommend that you checkout all of the great resources that Quinn has for debugging this sort of thing under the Networking Resources page here in the Forums. I would specifically recommend the post TLS for App Developers . As for what is happening, even though you're trying to override trust evaluation, which generally is not recommended, you still could be hitting issues with an invalid certificate and that could be causing you issues here. If you do not find any more info in the links provided, and this is a local certificate that you are creating in your environment, these link may also here:

0
NSURLSession fails on TLS due to "TLS Trust evaluation failed(-9802)"
First post date Last post date
 
 
Q