UIWebview with secure web socket and self-signed certificat

Hi !


I use an UIWebview in my app for display the html party on several http/https servers in my local network.

In this UIWebView, the html site ask a websoket connexion. Without a https, It's working.

But when i ask same html site with a https connexion, UIWebView show this site but the secure websocket connexion doesn't work...

Error :

CFNetwork SSLHandshake failed (-9807)
TCP Conn 0x60400016edc0 SSLHandshake failed (-9807)

The certificat for https connexion is self-signed.


Thanks for your help !

Accepted Reply

I trying to change

UIWebView
to
WKWebView
today.

That will help for loading the web page itself (

WKWebView
supports the
-webView:didReceiveAuthenticationChallenge:completionHandler:
delegate method that lets you handle the
NSURLAuthenticationMethodServerTrust
authentication challenge) but I don’t think it will help for WebSocket. Last I checked neither
UIWebView
nor
WKWebView
let you override the default RFC 2818 TLS server trust evaluation done by their WebSocket implementation. The only way I’ve found around this is to bounce to native code and do your own WebSocket implementation using an API, like
NSStream
, that lets you custom TLS server trust evaluation.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Replies

First things first, it’s time to move away from

UIWebView
and on to
WKWebView
.
UIWebView
is officially deprecated as of the iOS 12 SDK.

As to the error you’re seeing, a secure web socket connection does standard RFC 2818 TLS server trust evaluation. Last I checked neither

UIWebView
nor
WKWebView
let you override this. The best way forward here depends on your final deployment scenario. Why is your server using a self-signed certificate?

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Indeed, for WKWebView I had thought of it, I will implement it and see !

In my company, we selling machines with a http/https server without domain name. They have a default ip adress.

So, we have generate a identique self-signed certificat for all machines.

The client must then change the certificate but many do not and still use https connexion.

In my company, we selling machines with a http/https server without domain name.

You mean some sort of network-based accessory?

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Machines is used for save cameras images.

Sometimes, machines is connected to internet but clients don't add a https certificat.

I trying to change

UIWebView
to
WKWebView today.

I trying to change

UIWebView
to
WKWebView
today.

That will help for loading the web page itself (

WKWebView
supports the
-webView:didReceiveAuthenticationChallenge:completionHandler:
delegate method that lets you handle the
NSURLAuthenticationMethodServerTrust
authentication challenge) but I don’t think it will help for WebSocket. Last I checked neither
UIWebView
nor
WKWebView
let you override the default RFC 2818 TLS server trust evaluation done by their WebSocket implementation. The only way I’ve found around this is to bounce to native code and do your own WebSocket implementation using an API, like
NSStream
, that lets you custom TLS server trust evaluation.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Confirmation, WKWebView don't work for https+websocket with self-signed certificat.

But, i don't think to implement modifications to native code.

So, thanks for your sharing !


Bye