14

I know that if I use following nsurlconnectiondelegate it will be fixed

– connection:willSendRequestForAuthenticationChallenge: – connection:canAuthenticateAgainstProtectionSpace

But I am trying to use

sendAsynchronousRequest:queue:completionHandler:

So you don't get the callback. I looked into apple docs it say following

If authentication is required in order to download the request, the required credentials must be specified as part of the URL. If authentication fails, or credentials are missing, the connection will attempt to continue without credentials.

I could not figure out how to do that. When I looked up all I got is this private call

+(void)setAllowsAnyHTTPSCertificate:(BOOL)inAllow forHost:(NSString *)inHost;

Any idea how to do this?

Following is the error I get

The certificate for this server is invalid. You might be connecting to a server that is pretending to be “example.com=0x8b34da0 {NSErrorFailingURLStringKey=https://example.com/test/, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSErrorFailingURLKey=https://example.com/test/, NSLocalizedDescription=The certificate for this server is invalid. You might be connecting to a server that is pretending to be “example.com” which could put your confidential information at risk., NSUnderlyingError=0xa26c1c0 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “example.com” which could put your confidential information at risk.", NSURLErrorFailingURLPeerTrustErrorKey=

Improve this question
0

8 Answers 8

Reset to default
11

The webserver which you are using is asking for Server Trust Authentication, you need to properly respond with the appropriate action. You need to implement connection:willSendRequestForAuthenticationChallenge: delegate method and use SecTrustRef to authenticate it.

More information can be found here:- https://developer.apple.com/library/ios/technotes/tn2232/_index.html

This was my code to fix error:

- (void)connection:(NSURLConnection *)connection willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge { NSURLProtectionSpace *protectionSpace = [challenge protectionSpace]; id<NSURLAuthenticationChallengeSender> sender = [challenge sender]; if ([[protectionSpace authenticationMethod] isEqualToString:NSURLAuthenticationMethodServerTrust]) { SecTrustRef trust = [[challenge protectionSpace] serverTrust]; NSURLCredential *credential = [[NSURLCredential alloc] initWithTrust:trust]; [sender useCredential:credential forAuthenticationChallenge:challenge]; } else { [sender performDefaultHandlingForAuthenticationChallenge:challenge]; } }
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

7

Try this.

Initiate your session using custom session config as shown below:

let session = URLSession(configuration: URLSessionConfiguration.ephemeral, delegate: self, delegateQueue: nil)

Implement the following delegate callback method:

public func urlSession(_: URLSession, task _: URLSessionTask, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) { guard let serverTrust = challenge.protectionSpace.serverTrust else { return completionHandler(URLSession.AuthChallengeDisposition.useCredential, nil) } return completionHandler(URLSession.AuthChallengeDisposition.useCredential, URLCredential(trust: serverTrust)) }
Improve this answer

2 Comments

A combination of this and setting Allow Arbitary Loads to YES works for me
yeah, I assumed that people would have made it YES already. But yes it does need to enable arbitrary load.
5

you can't fix it with the way you are trying

  • either drop to CFNetworking to allow bad certs
  • use NSConnection with a delegate and an undoc'd method
  • use the private API you found

all not good. CFNetwork would have to be OK for apple for now but the other 2 methods aren't even appstore-safe

Better get the server fixed. Thats the easiest and CLEANEST

Improve this answer

3 Comments

Turns out that the call was rerouted to the server was causing this issue. Fixed it by pointing directly to server.
@Daij-Djan If private API is used then App would be rejected while submission to App-Store in case App is for production.
yes, which is write I wrote it "CFNetwork would have to be OK for apple for now but the other 2 methods aren't even appstore-safe"
5

If you are using AFNetworking, you can use this code:

(Just as a temp client-side solution!)

AFHTTPSessionManager * apiManager = [AFHTTPSessionManager initWithBaseURL:[NSURL URLWithString:baseURL]; AFSecurityPolicy *policy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeNone]; policy.allowInvalidCertificates = YES; apiManager.securityPolicy = policy;
Improve this answer

1 Comment

@JayprakashDubey well, then look at the accepted answer
1

This issue cannot be fixed with the way you are trying with blocks. you need to set delegates and implement the authentication challenge delegates to bypass the certificate validation. Best solution is to either create a right certificate (make sure it is not self-signed) or change the protocol to HTTP if you are fine with it.

Improve this answer

Comments

1

In my case, this error occurred due to my firewall blocked the required url. it's worked fine after removing firewall restrictions

Improve this answer

Comments

0

That is a certificate error. you need to change your settings so that your program/os ignores the certificate, or add the url/certificate to a trusted list.

Sorry that is authentication, certificate is authentication. I took a look, and I found this article.

Not sure if it will resolve your issue, but it basically states, that they don't cover the case of connecting to a site with how a certificate in the documentation.

http://www.cocoanetics.com/2009/11/ignoring-certificate-errors-on-nsurlrequest/

Improve this answer

1 Comment

-1 bad advice you can't do it this way: quote: " I have received a report that somebody got his app rejected for using this method. So you can really only use this for testing."
0

In my case, this error occurred due to my system date. It was set as an old date, and the certificate is not effective from that old date. After correct the date, it works.

Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.