9

I got an app which use ASIHTTPRequest.

I recompiled my app with iOS 5 (sdk : 5.0 / xcode: 4.2 Build 4D199 ) and the https connections fail with error message (the same call with https disabled works fine):

Error Domain=ASIHTTPRequestErrorDomain Code=1 "A connection failure occurred" UserInfo=0xa8e66e0 {NSUnderlyingError=0xa8ac6c0 "The operation couldn’t be completed. (OSStatus error -9844.)", NSLocalizedDescription=A connection failure occurred}

With debug log enabled:

[STATUS] Starting asynchronous request <ASIFormDataRequest: 0xd96fc00>

[CONNECTION] Request <ASIFormDataRequest: 0xd96fc00> will not use a persistent connection

[STATUS] Request <ASIFormDataRequest: 0xd96fc00>: Failed

[CONNECTION] Request #(null) failed and will invalidate connection #(null)

I found this related post: https://devforums.apple.com/message/537440#537440 which could explain my problem.

based on the idea that iOS 5 prefer TLS 1.2, I try changing the setting kCFStreamSocketSecurityLevelTLSv1 in AIHTTPRequest.m                     

  NSDictionary *sslProperties = [[NSDictionary alloc] initWithObjectsAndKeys:
                                     [NSNumber numberWithBool:YES],
kCFStreamSSLAllowsExpiredCertificates,
                                     [NSNumber numberWithBool:YES], kCFStreamSSLAllowsAnyRoot,
                                     [NSNumber numberWithBool:NO],  kCFStreamSSLValidatesCertificateChain,
                                     kCFNull,kCFStreamSSLPeerName,
                                      kCFStreamSocketSecurityLevelTLSv1, kCFStreamSSLLevel,// my modif
                                     nil];

with no success. Maybe my modification is incorrect?

Details:

  • I got the ARC disabled
  • I use libz.1.2.5.dylib
  • I updated the ASIHTTPRequest a week ago.

I do not know if the issue is a certificate story (like TLS version) or something else.

any help/idea is welcome !

BoltClock
  • 700,868
  • 160
  • 1,392
  • 1,356
Loda
  • 1,970
  • 2
  • 20
  • 40

5 Answers5

6

On our setup the problem was fixed by inserting 

[sslProperties setObject:(NSString *)kCFStreamSocketSecurityLevelSSLv3 forKey:(NSString *)kCFStreamSSLLevel];

just above

CFReadStreamSetProperty((CFReadStreamRef)[self readStream], kCFStreamPropertySSLSettings, sslProperties);

in the Handle SSL certificate settings section.

EDIT: According to http://developer.apple.com/library/ios/#technotes/tn2287/_index.html#//apple_ref/doc/uid/DTS40011309 the following should be more robust

[sslProperties setObject:@"kCFStreamSocketSecurityLevelTLSv1_0SSLv3" forKey:(NSString *)kCFStreamSSLLevel];
weibel
  • 143
  • 2
  • 6
  • Thanks for the solution. This is working for my iPhone app but when I am putting the same line in my iPad ASIHTTPRequest it's not working. What could be the possible solution? Thank you. :) – Akshay Oct 04 '12 at 13:27
  • Since I answered this question ASI has stopped maintaining ASIHTTPRequest and I have started using AFNetworking https://github.com/AFNetworking/AFNetworking. – weibel Nov 02 '12 at 19:40
6

Here is the final solution:

https://developer.apple.com/library/ios/#technotes/tn2287/_index.html#//apple_ref/doc/uid/DTS40011309

        NSDictionary *sslProperties = [[NSDictionary alloc] initWithObjectsAndKeys:
                                       [NSNumber numberWithBool:YES], kCFStreamSSLAllowsExpiredCertificates,
                                       [NSNumber numberWithBool:YES], kCFStreamSSLAllowsAnyRoot,
                                       [NSNumber numberWithBool:NO],  kCFStreamSSLValidatesCertificateChain,
                                       kCFNull,kCFStreamSSLPeerName,
                                       @"kCFStreamSocketSecurityLevelTLSv1_0SSLv3", kCFStreamSSLLevel,
                                       nil];

Adding this param:

                                       @"kCFStreamSocketSecurityLevelTLSv1_0SSLv3", kCFStreamSSLLevel,
ValentiGoClimb
  • 750
  • 3
  • 13
  • 23
  • 1
    See also this patch: https://github.com/ignaval/asi-http-request/commit/c782abbeb204156d30ecbb902915d1eaf9b10f9e#comments - you want to add the property to the validateCertificate=YES case as well – ckhan Jun 19 '12 at 20:52
  • For me, @ckhan's change was required also before it would work on 5.0 – leontx Aug 07 '12 at 06:29
  • force `kCFStreamSocketSecurityLevelTLSv1_2` works with this method too – ReDetection Aug 20 '15 at 07:51
5

looks like the ASIHTTPRequest is being abandoned. and the current version got issue with iOS 5.

http://groups.google.com/group/asihttprequest/browse_thread/thread/7731197dbe71c260

they recommend moving to NSURLConnection.

Christ
  • 450
  • 6
  • 10
1

These are the things I would try:

  1. Download a fresh copy of asihttprequest, put it into a newly created very simple app that just makes single http and see if it behaves the same
  2. Try against other https servers see if you get the same behaviour (try with some of the big name ones, eg https://twitter.com - linkedin, google, etc, all have https versions too)
  3. Try the same server in Safari (still on the iOS device)

For what it's worth, I have ASIHTTPRequest on iOS5 working fine with my customer's https servers - I didn't have to make any changes for iOS5.

JosephH
  • 37,173
  • 19
  • 130
  • 154
  • thanks for the tips. #1 : no change; #2: other web page works fine. ; #3 : with the native browser, the page display as expected. ; Could you be kind enough to tell me with version of TLS your customer' server use when called from your app? – Loda Oct 18 '11 at 07:57
  • I'm not honestly sure; do you know how I would check? From the evidence so far I does sound like it is the same TLSv1.2 problem as the link you posted to the Apple forums - perhaps you should post your code there and hope Quinn can take a look? – JosephH Oct 18 '11 at 13:06
  • as I feared, and as you suggested, it could be a server related issue. So, I'm unsure how I can ask this in a forum (NDA). Any how, if the TLS version is the problem, why doesn't my modification fix it ?... Thanks for the help anyway, I'm glad to know it is not a general issue with ASIHTTPRequest/iOS5. – Loda Oct 18 '11 at 14:06
1

Try using kCFStreamSocketSecurityLevelSSLv3 instead of TLSv1. That worked for me when I ran into a similar situation. I'm not sure why the auto-negotiation isn't falling back to the right protocol, but at least on some servers it seems to fail under ASIHttpRequest where it would work with NSURLConnection.

Ryan Gregg
  • 11
  • 1