How to load arbitrary insecured stream url on IOS ?

App & System Services Networking
Nassimus OP
Created Aug ’24
Replies 3
Boosts 0
Views 333
Participants 2

Hi, I am developing an IPTV app, an IPTV app cannot know what is the domain for the stream urls during the development.

So I tried all the solution found on the net "NSAllowsArbitraryLoads -> TRUE"

And tried the diagnostic command nscurl --ats-diagnostics --verbose with a working stream url on VLC.

I got only fails for all the cases, the result is below, but if there's no way to load an arbitrary insecured stream url, how the exiting iptv app are zorking on IOS and IosTV ?! : ` mac@MK-MacBook-Pro ntv % nscurl 'http://ibrafr.com:8789/play/movie.php?mac=00:1A:79:??:??:??&stream=31893.mkv&type=movie' --verbose --ats-diagnostics Starting ATS Diagnostics

================================================================================

Default ATS Secure Connection

ATS Default Connection ATS Dictionary: { } Result : FAIL Error : Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={NSErrorFailingURLStringKey=https://ibrafr.com:8789/play/movie.php?mac=00:1A:79:??:??:??&stream=31893.mkv&type=movie, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <6850A6F0-62AA-4581-B736-61E130C9F01F>.<1>, _NSURLErrorRelatedURLSessionTaskErrorKey=( "LocalDataTask <6850A6F0-62AA-4581-B736-61E130C9F01F>.<1>" ), NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https://ibrafr.com:8789/play/movie.php?mac=00:1A:79:??:??:??&stream=31893.mkv&type=movie, NSUnderlyingError=0x600000611e60 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9836, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9836, _NSURLErrorNWPathKey=satisfied (Path is satisfied), viable, interface: en0[802.11], ipv4, ipv6, dns, uses wifi}}, _kCFStreamErrorCodeKey=-9836}

================================================================================

Allowing Arbitrary Loads

Allow All Loads ATS Dictionary: { NSAllowsArbitraryLoads = true; } Result : FAIL Error : Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={NSErrorFailingURLStringKey=https://ibrafr.com:8789/play/movie.php?mac=00:1A:79:??:??:??&stream=31893.mkv&type=movie, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <E358A2AF-0BCB-44D0-994A-806E6DDDC7F4>.<1>, _NSURLErrorRelatedURLSessionTaskErrorKey=( "LocalDataTask <E358A2AF-0BCB-44D0-994A-806E6DDDC7F4>.<1>" ), NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https://ibrafr.com:8789/play/movie.php?mac=00:1A:79:??:??:??&stream=31893.mkv&type=movie, NSUnderlyingError=0x600000612940 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9836, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9836, _NSURLErrorNWPathKey=satisfied (Path is satisfied), viable, interface: en0[802.11], ipv4, ipv6, dns, uses wifi}}, _kCFStreamErrorCodeKey=-9836}

================================================================================ All fails ================================================================================`

Answered by DTS Engineer in 798709022

I recommend that you have a read of TLS for App Developers. It explains that there are two levels of security checks:

  • The default HTTPS server trust evaluation done by all of our TLS APIs.

  • ATS, which is additional security checks for HTTP[S] requests done by URLSession and above.

So, if you’re using URLSession then disabling ATS is only half the story. You also have to override the default server trust evaluation. For an example of that, see this thread.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Replies  3
Boosts  0
Views  333
Participants  2
DTS Engineer OP
Apple
Aug ’24
Accepted Answer

I recommend that you have a read of TLS for App Developers. It explains that there are two levels of security checks:

  • The default HTTPS server trust evaluation done by all of our TLS APIs.

  • ATS, which is additional security checks for HTTP[S] requests done by URLSession and above.

So, if you’re using URLSession then disabling ATS is only half the story. You also have to override the default server trust evaluation. For an example of that, see this thread.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
Nassimus OP
Aug ’24

Hi, thank you for the replay, the question is how load any stream with any kind of URL (secured or not secured) ?, because in case of IPTV, there's no way to control the server which is offering the stream service.

It should be way to do it, otherwize how the others IPTV app are doing it on IOS and IOSTV.

Thank you in advance.

0
Nassimus OP
Sep ’24

Can you please answer my simple question , how to load any URL in IOS ? ( many iptv player exist on IOS, so they are able to load any arbitrary URL , the question is how to do it ? please it's truly blocking for me.

0
How to load arbitrary insecured stream url on IOS ?
First post date Last post date
 
 
Q