Menu
I tried all previous answers before but none worked for me. I maybe know the problem and the error is misleading I guess. I am trying to make api request to a server which is https but does not have SSL. Also the apis work only through VPN. So I am disabling SSL verification and it works fine everywhere (in a simulator, postman, android, mac) except a real iOS device.
What leads I get so far is :
The error literally seems like to me is with my code or something logical which needs to be done on iOS to actually work on real device for security(if it is there).
So here I'll share the implementation which made it work on simulator so far (prior to which I was getting same error on simulator).
I am implemented URLSessionDelegate to my router class and allowed arbitrary loads in info.plist. So all are fine url, request etc.
The delegate is not getting called on real device.
func urlSession(_ session: URLSession, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
completionHandler(.useCredential, URLCredential(trust: challenge.protectionSpace.serverTrust!))
}
Before making request:
let config = URLSessionConfiguration.default
let session = URLSession(configuration: config, delegate: self, delegateQueue: .main)
Info plist file contents
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>*my.domain*.com</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSExceptionRequiresForwardSecrecy</key>
<false/>
<key>NSTemporaryExceptionMinimumTLSVersion</key>
<string>TLSv1.0</string>
</dict>
</dict>
</dict>
Console errors:
[] nw_proxy_resolver_create_parsed_array PAC evaluation error:
NSURLErrorDomain: -1003
2018-06-26 20:12:08.646042+0530 MyApp[806:161960] TIC TCP Conn Failed [1:0x1c416f000]: 12:8 Err(-65554)
2018-06-26 20:12:08.646740+0530 MyApp[806:161964] Task <DCE45907-5758-4CC0-91A1-9EFD53FFDA0A>.<1> HTTP load failed (error code: -1003 [12:8])
2018-06-26 20:12:08.646971+0530 MyApp[806:161964] Task <DCE45907-5758-4CC0-91A1-9EFD53FFDA0A>.<1> finished with error - code: -1003
Error Domain=NSURLErrorDomain Code=-1003 "A server with the specified hostname could not be found." UserInfo={NSUnderlyingError=0x1c044cfc0 {Error Domain=kCFErrorDomainCFNetwork Code=-1003 "(null)" UserInfo={_kCFStreamErrorCodeKey=8, _kCFStreamErrorDomainKey=12}}, NSErrorFailingURLStringKey=https://my.domain.com/myurl/public/api, NSErrorFailingURLKey=https://my.domain.com/myurl/public/api, _kCFStreamErrorDomainKey=12, _kCFStreamErrorCodeKey=8, NSLocalizedDescription=A server with the specified hostname could not be found.}
2018-06-26 20:14:17.727091+0530 MyApp[806:161970] Received XPC error Connection interrupted for message type 3 kCFNetworkAgentXPCMessageTypePACQuery
2018-06-26 20:14:17.727533+0530 MyApp[806:161970] Received XPC error Connection invalid for message type 3 kCFNetworkAgentXPCMessageTypePACQuery
610
Update your Android Open Settings. Find System update or Software update. Check for and install available updates. Try Netflix again.
If you see this message in your Showcase Workshop app, it's likely you have a problem with your internet connection rather than the app itself. It usually occurs when your tablet or device has WiFi or mobile data switched on, but the quality of the data connection is poor or there's a problem with service.
One common phrase Apple users may see as an error message includes the term: "A server with the specified hostname could not be found." This indicates that the server name in question is either misspelled or no longer available. To change a server name on iOS devices, users can go directly to their phone settings.
check By Replacing
func urlSession(_ session: URLSession, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
completionHandler(.useCredential, URLCredential(trust: challenge.protectionSpace.serverTrust!))
}
with following
func urlSession(_ session: URLSession, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
if challenge.protectionSpace.authenticationMethod == (NSURLAuthenticationMethodServerTrust) {
let serverTrust:SecTrust = challenge.protectionSpace.serverTrust!
var localCertificateTrust = SSLCertificateCreateTrustResult(serverTrust)
SecTrustEvaluate(serverTrust, &localCertificateTrust)
if true
{
let credential:URLCredential = URLCredential(trust: serverTrust)
challenge.sender?.use(credential, for: challenge)
completionHandler(URLSession.AuthChallengeDisposition.useCredential, URLCredential(trust: challenge.protectionSpace.serverTrust!))
} else {
completionHandler(URLSession.AuthChallengeDisposition.cancelAuthenticationChallenge, nil)
}
}
else
{
completionHandler(URLSession.AuthChallengeDisposition.cancelAuthenticationChallenge, nil);
}
}
fileprivate func SSLCertificateCreateTrustResult(_ serverTrust: SecTrust)->SecTrustResultType {
let certificate: SecCertificate = SecTrustGetCertificateAtIndex(serverTrust, 0)!
let remoteCertificateData = CFBridgingRetain(SecCertificateCopyData(certificate))!
let cerPath: String = Bundle.main.path(forResource: "cert", ofType: "der")!
let localCertificateData = NSData(contentsOfFile:cerPath)!
print(localCertificateData.length)
print((remoteCertificateData as! NSData).length)
let certDataRef = localCertificateData as CFData
let cert = (SecCertificateCreateWithData(nil, certDataRef))
let certArrayRef = [cert] as CFArray
SecTrustSetAnchorCertificates(serverTrust, certArrayRef)
SecTrustSetAnchorCertificatesOnly(serverTrust, false)
let trustResult: SecTrustResultType = SecTrustResultType.invalid
return trustResult
}
also here is whole transport security in my case.
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
<key>NSExceptionDomains</key>
<dict>
<key>dev-domainserver/portal</key>
<dict>
<key>NSExceptionMinimumTLSVersion</key>
<string>TLSv1.2</string>
<key>NSExceptionRequiresForwardSecrecy</key>
<false/>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
</dict>
</dict>
</dict>
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With