300 Views 3 Replies
      Latest reply: Sep 14, 2016 2:00 AM by eskimo RSS
      Cybernet Systems Level 1 Level 1 (0 points)
      Cybernet Systems Sep 12, 2016 11:20 PM

        Hello everyone,

         

        In my application I'm trying to download data from Amazon server.

         

        In all devices expect iphone 4s (ios 8.4.1) everything works fine but with iphone4s I'm getting the following error:

         

        NSURLConnection/CFURLConnection HTTLP load failed kCFStreamErrorDomainSSl -9807

         

        (following the way I'm trying to download data, I also have the -9802 error code)

         

        The 2 download way I've tried so far was:

        - load data into NSData with NSData dataWithContentsOfURL (not really a good way to do it but file size is just 200 kb)

        - AWSS3TransferUtility with Cognito Credential

         

         

        In my info.plist, I've already set App Transport Security Setting with AllowArbitrary Loads set to true and set Exception Domains following AWS setting

        but so far no luck for iphone 4s.

         

        Is there any known bug for this device?

         

        Could you please tell me if there is a way to fix this issue?

         

        I really thank you in advance for your help.

        • Tags:
        • Re: NSURLConnection/CFURLConnection HTTP load failed
          eskimo Apple Staff Apple Staff (7,190 points)
          eskimo Sep 13, 2016 1:49 AM (in response to Cybernet Systems)

          In all devices expect iphone 4s (ios 8.4.1) everything works fine but with iphone4s I'm getting the following error:

          Is the iPhone 4S your only iOS 8 test device?  Or does iOS 8 work in general but things fail on this specific iPhone 4S?

          Error -9807 is errSSLXCertChainInvalid, meaning that the device was unable to build a certificate chain from the server’s leaf certificate to a trusted root.  If you run the following command against your server, what do you see?

          $ TLSTool s_client -connect example.com:443 -noverify

          Remember to replace example.com with the DNS name of your server.

          btw TLSTool is sample code which you can get here.

          Share and Enjoy

          Quinn “The Eskimo!”
          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
          let myEmail = "eskimo" + "1" + "@apple.com"

            • Re: NSURLConnection/CFURLConnection HTTP load failed
              Cybernet Systems Level 1 Level 1 (0 points)
              Cybernet Systems Sep 13, 2016 3:06 AM (in response to eskimo)

              Thank you for your reply

               

              Below are the test result:

               

              iphone 4s iOS9.0 : error kCFStreamErrorDomainSSl

              iphone 4s iOS 8.4.1: error kCFStreamErrorDomainSSl

              iphone 5s iOS 8.4.1: error timeout

              iphone 5c iOS 9.3.5 : everything works fine

              iphone 6s+ iOS 9.3.5 : everything works fine

              ipad 2 Wi-fi + 3D iOS 8.3 : everything works fine

               

              with TLSTool, I've tried the following command:

              command1: ./TLSTool s_client -connect amazonaws.com:443 -noverify

              and the result was: error NSPOSIXErrorDomain

               

              command2: ./TLSTool s_client -connect ec2-52-196-182-108.ap-northeast-1.compute.amazonaws.com:443

              and the result was: error NSPOSIXErrorDomain

               

              command 3 : ./TLSTool s_client -connect ap-northeast-1.compute.amazonaws.com:443

              and the result was : error kCFErrorDomainCFNetwork

                • Re: NSURLConnection/CFURLConnection HTTP load failed
                  eskimo Apple Staff Apple Staff (7,190 points)
                  eskimo Sep 14, 2016 2:00 AM (in response to Cybernet Systems)

                  with TLSTool, I've tried the following command:

                  In future it would be helpful if you posted the full output; TLSTool prints a whole bunch of useful diagnostic info, and it’s important to see it all.

                  In these specific cases, however, there seems to be a forward actuator stick error.  Let’s look at each of your examples in turn.

                  $ TLSTool s_client -connect amazonaws.com:443 -noverify
* error NSPOSIXErrorDomain / 61
* bytes sent 0, bytes received 0

                  POSIX error 61 is ECONNREFUSED, meaning that this server is not listening on the HTTPS port (443).

                  $ TLSTool s_client -connect ec2-52-196-182-108.ap-northeast-1.compute.amazonaws.com:443
* error NSPOSIXErrorDomain / 61
* bytes sent 0, bytes received 0

                  Ditto.

                  $ TLSTool s_client -connect ap-northeast-1.compute.amazonaws.com:443
* error kCFErrorDomainCFNetwork / 2
* bytes sent 0, bytes received 0

                  CFNetwork error 2 is kCFHostErrorUnknown.  And lo, that DNS name simply does not exist.

                  $ host ap-northeast-1.compute.amazonaws.com
$

                  From this it’s clear that your TLSTool tests don’t match the code in your app.  What URLs are you trying to connect to?

                  Share and Enjoy

                  Quinn “The Eskimo!”
                  Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                  let myEmail = "eskimo" + "1" + "@apple.com"