6 Replies
      Latest reply on Jun 18, 2018 7:57 AM by STim
      STim Level 1 Level 1 (0 points)

        Hi !

         

        I use an UIWebview in my app for display the html party on several http/https servers in my local network.

        In this UIWebView, the html site ask a websoket connexion. Without a https, It's working.

        But when i ask same html site with a https connexion, UIWebView show this site but the secure websocket connexion doesn't work...

        Error :

        CFNetwork SSLHandshake failed (-9807)
        TCP Conn 0x60400016edc0 SSLHandshake failed (-9807)
        

        The certificat for https connexion is self-signed.

         

        Thanks for your help !

        • Re: UIWebview with secure web socket and self-signed certificat
          eskimo Apple Staff Apple Staff (9,685 points)

          First things first, it’s time to move away from UIWebView and on to WKWebViewUIWebView is officially deprecated as of the iOS 12 SDK.

          As to the error you’re seeing, a secure web socket connection does standard RFC 2818 TLS server trust evaluation.  Last I checked neither UIWebView nor WKWebView let you override this.  The best way forward here depends on your final deployment scenario.  Why is your server using a self-signed certificate?

          Share and Enjoy

          Quinn “The Eskimo!”
          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
          let myEmail = "eskimo" + "1" + "@apple.com"

            • Re: UIWebview with secure web socket and self-signed certificat
              STim Level 1 Level 1 (0 points)

              Indeed, for WKWebView I had thought of it, I will implement it and see !

              In my company, we selling machines with a http/https server without domain name. They have a default ip adress.

              So, we have generate a identique self-signed certificat for all machines.

              The client must then change the certificate but many do not and still use https connexion.

                • Re: UIWebview with secure web socket and self-signed certificat
                  eskimo Apple Staff Apple Staff (9,685 points)

                  In my company, we selling machines with a http/https server without domain name.

                  You mean some sort of network-based accessory?

                  Share and Enjoy

                  Quinn “The Eskimo!”
                  Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                  let myEmail = "eskimo" + "1" + "@apple.com"

                    • Re: UIWebview with secure web socket and self-signed certificat
                      STim Level 1 Level 1 (0 points)

                      Machines is used for save cameras images.

                      Sometimes, machines is connected to internet but clients don't add a https certificat.

                      I trying to change UIWebView to WKWebView today.

                        • Re: UIWebview with secure web socket and self-signed certificat
                          eskimo Apple Staff Apple Staff (9,685 points)

                          I trying to change UIWebView to WKWebView today.

                          That will help for loading the web page itself (WKWebView supports the -webView:didReceiveAuthenticationChallenge:completionHandler: delegate method that lets you handle the NSURLAuthenticationMethodServerTrust authentication challenge) but I don’t think it will help for WebSocket.  Last I checked neither UIWebView nor WKWebView let you override the default RFC 2818 TLS server trust evaluation done by their WebSocket implementation.  The only way I’ve found around this is to bounce to native code and do your own WebSocket implementation using an API, like NSStream, that lets you custom TLS server trust evaluation.

                          Share and Enjoy

                          Quinn “The Eskimo!”
                          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                          let myEmail = "eskimo" + "1" + "@apple.com"