1 Reply
      Latest reply: Mar 31, 2017 9:37 AM by eskimo RSS
      A_lis Level 1 Level 1 (0 points)

        Things to note before reading:

        • This is using a plain old TCP socket not a HTTP request.
        • Plain text traffic works without issue.
        • Other platform builds using LibreSSL library also work without issue.
        • Our iOS build using SSLHandshake fails about 80% of the time, other times works without issue.

         

        During the times the call to SSLHandshake fails it exchanges the following bytes:

         

        write:

        151

        read:

        5, 89, 5, 2797

         

        It seems like it gives up once it starts reading certificates back from the server. I am assuming thats what the 2797 chunk of bytes is. SSLHandshake then fails and returns with error code -50.

         

        During the times the SSLHandshake  call succeeds it exchanges the following bytes:

         

        write:

        151

        read:

        5, 89, 5, 5574, 5, 333, 5, 4

        write:

        75, 6, 45

        read:

        5, 1, 5, 40

         

        Then the handshake succeeds and returns noErr. I cannot for the life of me figure out why it fails when it does and succeeds when it does. Any input would be greatly appreciated.

        • Re: SSLHandshake returns -50
          eskimo Apple Staff Apple Staff (6,665 points)

          Error -50 is errSecParam, which is a very generic error indicating that someone (usually the caller, but potentially the remote peer) passed in bad parameters.  There are lots of potential reasons for this failure and it’s hard to work out what went wrong based on the info you’ve posted.

          Try poking at your server with TLSTool.  If that works all the time there’s definitely someone wrong with your use of Secure Transport.  OTOH, if that replicates the failure then it’s more likely to be a problem with the actual TLS traffic on the wire.

          Also, double check that your I/O functions are working as expected; this post has the details.

          Share and Enjoy

          Quinn “The Eskimo!”
          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
          let myEmail = "eskimo" + "1" + "@apple.com"