17

I just downloaded the latest version of xCode (9.0 beta (9M136h)).

However, when I try to make a request to my server in iOS 11 simulator (Using NSURLConnection sendAsynchronousRequest), an error is received:

NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9807) NSURLConnection finished with error - code -1202

NSError object contains the message - @"NSLocalizedDescription" : @"The certificate for this server is invalid. You might be connecting to a server that is pretending to be “***” which could put your confidential information at risk."

The plist contains:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>

so it is not the problem in this case (I guess)

Needless to say that it is working in iOS 10/9/8

Any suggestions?

Thanks in advance!

dor506
  • 5,246
  • 9
  • 44
  • 79
  • Get a fix for this issue? – cvb Jun 30 '17 at 15:51
  • 1
    @ChrisVanBuskirk Not exactly. I spoked to our sever guy which said it is probably related to the certificate which expired. Looks like in iOS 11 they emphasize the whole security issue. As for now I'm using completionHandler(.useCredential, URLCredential(trust: challenge.protectionSpace.serverTrust)) in didReceive challenge of URLSession delegates just to make it work. – dor506 Jul 02 '17 at 06:34
  • @dor506 can you please show your fix? I've been working on this for 9 hours today and I take any help I can get atm. First time coding in obj c for me. – ODelibalta Sep 24 '17 at 02:51
  • @ODelibalta check out the answer – dor506 Sep 24 '17 at 07:01

3 Answers3

6

You need to allow your application to run HTTP (no S) connections. By default, Apple only allows HTTPS:

  1. go to your info.plist

    here

  2. then press the plus icon on any of them

  3. Search for "App Transport Security Settings" here

  4. click the little arrow to the left and find "Allow arbitrary loads", by default it is set to "NO" change it to "YES"

Community
  • 1
  • 1
Carter4502
  • 157
  • 1
  • 11
  • 2
    You get blamished for poor security practice according to people from Security.SE and Crypto.SE. – DannyNiu Oct 26 '17 at 02:04
  • could be, but it is a solution to his problem – Carter4502 Oct 26 '17 at 13:16
  • 4
    it's not solution, for example i have HTTP request and i already set Allow arbitrary loads to YES but anyway i have the same error: Task <6CBEEC35-4B88-43A1-9269-1B919EA0FD81>.<72> finished with error - code: -999 – Genevios Mar 07 '18 at 15:57
  • Did it like you described it but when I rebuild my app I get the same error as before... – nicowi Jan 10 '19 at 07:27
1

For all of you who get this error in iOS 11, please make sure you're working against valid (secured) certificate in your server.

In our case, the certificate wasn't strict enough.

Once our server guy integrated new valid certificate, the problem has gone.

One way to check if the certificate is secured, is to past the problematic link in the browser.

As a result, you might see that the connection is not secured:

enter image description here

dor506
  • 5,246
  • 9
  • 44
  • 79
  • I appreciate the update however, this does not apply to me. Chrome is fine with going to the URL as well as Safari on my iOS 11 test phone – ODelibalta Sep 24 '17 at 15:10
  • @dor506. how do you create a certificate such that you solved this problem? I'm seeing it in iOS 13. – paiego Apr 08 '20 at 19:27
0

Since you've got an invalid certificate error, I'll make the following suggestion based on my personal security practice.

If you're still in your servicing terms with your CA, ask them to issue a new valid certificate for you.

Check your Keychain setting and make sure no CA cert is missing.

Alternatively, you can issue your own self-signed certificate for testing purposes, and add it to your local Keychain as trust anchor. A search for "how to create self-signed x509 certificate" will return something you might find useful.

DannyNiu
  • 1,313
  • 8
  • 27