I'm using a self-signed certificate, but the host I connect to may be a domain name that differs from the one in the certificate, or it may be an IP address.
But I find that the code is not working when ATS is turned on.
The weird thing is that verification fails when I connect by domain name, but succeeds when I connect by a bare IP address.
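// Fetch the trust object the server presented for this authentication challenge.
// NOTE(review): serverTrust is only populated for NSURLAuthenticationMethodServerTrust
// challenges; confirm the enclosing delegate method checks the authentication method first.
SecTrustRef serverTrust = challenge.protectionSpace.serverTrust;
// Leaf certificate (index 0). Not used in the lines shown here; presumably consumed later.
SecCertificateRef certificate = SecTrustGetCertificateAtIndex(serverTrust, 0);

// Build an SSL policy that performs the host-name check.
// The name handed to SecPolicyCreateSSL is compared with the names in the leaf certificate,
// so it must be the bare host: a "host:port" string can never match a certificate name.
// If the certificate was issued for a different name than the one being connected to,
// pass that expected name here rather than dropping the check.
NSString *trustDomain = challenge.protectionSpace.host;
NSMutableArray *policies = [NSMutableArray array];
[policies addObject:(__bridge_transfer id)SecPolicyCreateSSL(true, (__bridge CFStringRef)trustDomain)];

// Replacing the policies does not by itself make a self-signed certificate trusted: the trust
// object still has to be evaluated afterwards, with the expected certificate supplied as an
// anchor (SecTrustSetAnchorCertificates) or pinned by the caller.
// NOTE(review): ATS is documented as not applying to connections made to IP-address literals,
// which would be consistent with the IP case succeeding while the domain case fails with -9802.
// ATS also imposes TLS-version, cipher and key requirements that a custom policy does not relax.
OSStatus policyStatus = SecTrustSetPolicies(serverTrust, (__bridge CFArrayRef)policies);
if (policyStatus != errSecSuccess) {
    // The trust object keeps its previous policies on failure; do not accept the challenge
    // on the assumption that the host-name policy is in force.
    NSLog(@"SecTrustSetPolicies failed with status %d", (int)policyStatus);
}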
The error info is
{
NSErrorClientCertificateStateKey = 0;
....
NSLocalizedDescription = "An SSL error has occurred and a secure connection to the server cannot be made.";
NSLocalizedRecoverySuggestion = "Would you like to connect to the server anyway?";
NSURLErrorFailingURLPeerTrustErrorKey = "<SecTrustRef: 0x14fd8a90>";
NSUnderlyingError = "Error Domain=kCFErrorDomainCFNetwork Code=-1200 \"(null)\" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9802, _kCFStreamErrorCodeKey=-9802, _kCFStreamErrorDomainKey=3, kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x14fd8a90>, kCFStreamPropertySSLPeerCertificates=(....)}";
"_kCFStreamErrorCodeKey" = "-9802";
"_kCFStreamErrorDomainKey" = 3;
}