NSURLSession connection issue due to ATS

Hi,


I have an IOS app connecting to a remote server (or running locally on my Mac for testing). My server is running in a servlet container and it's configured with TLSv1.2. All requests between my IOS App and the server are using HTTPs. The server is using a self signed certificate.


I'm using XCode 7 beta3, IOS 9 beta3 on an iPad Air.


I still have the same exception (and very well known 😁):


Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo=0x7fa96d004cb0 {NSErrorFailingURLStringKey=https://localhost:8443/MyServer/App, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, NSErrorFailingURLKey=https://localhost:8443/MyServer/App, _kCFStreamErrorCodeKey=-9802, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made.}


Below is the code I'm using for didReceiveChallenge, is there anything missing or wrong? This code runs perfectly well with IOS 8.


- (void)URLSession:(NSURLSession *)session
didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge
completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition disposition, NSURLCredential *credential))completionHandler {

    [RequestURLUtilities dumpChallenge:challenge];


    if (challenge.protectionSpace != Nil) {
        NSURLProtectionSpace *protection = challenge.protectionSpace;
        SecTrustRef sslState = protection.serverTrust;
        if (sslState == Nil) {
            NSLog(@"%s Warning: empty serverTrust",__PRETTY_FUNCTION__);
        }
  
  
        if ([protection.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
      
            NSLog(@"%s => NSURLAuthenticationMethodServerTrust", __PRETTY_FUNCTION__);
         
            NSURLCredential* credential = [NSURLCredential credentialForTrust:sslState];
         
        
      
           completionHandler(NSURLSessionAuthChallengeUseCredential, credential);
        } else {
            NSLog(@"%s => Called for another challenge", __PRETTY_FUNCTION__);
           completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, NULL);
        }
   
  
    }

}


My only workaround is to completely disable ATS in the info.plist with

<key>NSAppTransportSecurity</key>

<dict>

<key>NSAllowsArbitraryLoads</key>

<true/>

</dict>


I have tried others combinations (with NSExceptionDomains) but it doesn't work.

Thanks for your help!


Sébastien.

Up vote post of sebastien78 Down vote post of sebastien78
1.5k views
Posted by
sebastien78
Reply
Add a Comment

Replies

I'm going to assume that this is the same issue as your other post, so I'll respond over there.

Share and Enjoy

Quinn "The Eskimo!"
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"
Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment