So i have a localhost running with ssl certificate on my macos machine and it works perfectly fine but when i go on simulator and try to open it there it keeps giving me "unable to establish secure connection error". I've tried downloading the certificate and trusting it on simulator and also i've already tried changing info.plist file with
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
Nothing works tho :(
Related
After enabling certificate transparency in Ionic application config file, AJAX calls started failing for iOS 10.3 with SSL error. However, it is working without any issues in iOS 11 and greater. Connection with server works fine with native iOS application, Angular Web Application. It fails only in Cordova compiled application.
Configuration which results in failed AJAX communication
<access minimum-tls-version="TLSv1.2" origin="https://example.com" requires-certificate-transparency="true" requires-forward-secrecy="false" />
Communication works with following setting in XCode
<key>NSExceptionDomains</key>
<dict>
<key>example.com</key>
<dict>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
</dict>
</dict>
In network logs, it seems application is sending UNKNOWN during SSL handshake.
EDIT - had to revisit the question and read it properly
At first I thought the configuration could be at fault but then the:
UNKNOWN during SSL handshake
caught my eye.
As of iOS 10.3, the default for new custom certificates is to not
trust them. Yes, this option existed prior to 10.3 but it was not enforced so it was turn on by default. You can find this information on a charles proxy blog - which is connected to the application, but I think it is valid in your case too.
To enable the certificate:
You have to go to Settings > General > About > Certificate Trust Settings and enable the certificate that is needed.
You can find it mentioned here Technical Q&A QA1948
HTTPS and Test Servers.
In addition:
You can use nscurl tool to diagnose your ATS connection issues.
Usage /usr/bin/nscurl --ats-diagnostics [--verbose] URL then you will what fails in greater detail.
I developed a iOS app that connects to a internal web server. When I used the simulator, it works fine, but when I build the same app on a iPhone, it gives me a error message “an ssl error has occurred and a secure connection to the server cannot be made. " Why the error only occurs on iPhone not in simulator?
Here is my environment
Xcode 8.2
iOS 10.3
Objective C -- My client code is using ATS by default
AFNetworking Framework 3.1
Web Server -- Support TLS 1.2 only
Web Server Cert is not supporting forward secrecy yet.
Could it be because that my Cert is not ATS compliant?
After I read this document from Apple
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>Your Domain</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
<false/>
</dict>
</dict>
</dict>
My app is now working on devices. My cert on the server is not Forward Secrecy ready yet.
I'm experiencing an issue with my newly installed Xcode 7 where even after installing an SSL certificate on the iOS simulators through Charles (Help > SSL Proxying > Install Charles Root Certificate in iOS Simulators), and explicitly allowing the domain of the server I'm querying in Charles, any attempts to listen in on SSL traffic results in failed connection.
Charles reports the following error:
SSLHandshake: Remote host closed connection during handshake You may
need to configure your browser or application to trust the Charles
Root Certificate. See SSL Proxying in the Help menu.
Xcode console reports:
2015-09-23 11:29:44.173 Citifyd[8352:449043] Error in registration.
Error: Error Domain=NSCocoaErrorDomain Code=3010
"REMOTE_NOTIFICATION_SIMULATOR_NOT_SUPPORTED_NSERROR_DESCRIPTION"
UserInfo={NSLocalizedDescription=REMOTE_NOTIFICATION_SIMULATOR_NOT_SUPPORTED_NSERROR_DESCRIPTION}
2015-09-23 11:29:44.483 Citifyd[8352:449381]
NSURLSession/NSURLConnection HTTP load failed
(kCFStreamErrorDomainSSL, -9802) 2015-09-23 11:29:44.509
Citifyd[8352:449043] API ERRROR Error Domain=NSURLErrorDomain
Code=-1200 "An SSL error has occurred and a secure connection to the
server cannot be made."
Things worked fine in Xcode 6 under the same setup - anyone have any ideas?
I solved the issue based on this thread:
https://forums.developer.apple.com/thread/4988
iOS 9 (which the Xcode 7 emulators run) has stricter requirements for SSL transport - from user "Poets" in the above thread:
iOS 9 forces connections that are using HTTPS to be TLS 1.2 to avoid
recent vulnerabilities. In iOS 8 even unencrypted HTTP connections
were supported, so that older versions of TLS didn't make any problems
either. As a workaround, you can add this code snippet to your
Info.plist:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
This enables Charles to show you unencrypted traffic when using iOS 9 emulators. You'll likely want to disable this once you distribute your apps.
As the original TestFlight app will be retired in a month, I am trying to get to grips with the iTunes Connect Beta system, which looks like a significant improvement. As directed, I regenerated my provisioning profiles and redownloaded them on my build server.
I then performed the build with the "AppStore|Release" profile and I saw this message in the log:
codesign -v -f -s "XXXXXX" "--resource-rules=/.../MyApp.app/ResourceRules.plist" --entitlements "/../iSnagMobileiOS.xcent" "/../iSnagMobileiOS.app"
The file specified in the entitlements parameter contained the beta-reports-active key as expected:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>get-task-allow</key>
<false/>
<key>application-identifier</key>
<string>XXXXXXX.com.mycompany.myapp</string>
<key>com.apple.developer.team-identifier</key>
<string>XXXXXXXX</string>
<key>beta-reports-active</key>
<true/>
<key>keychain-access-groups</key>
<array>
<string>XXXXX.com.mycompany.myapp</string>
</array>
</dict>
</plist>
I then retrieved the generated IPA, which was signed with my distribution certificate. In order to check that the correct entitlement had been applied, I executed this command to check the provisioning profile:
unzip -p MyApp.ipa Payload/MyApp.app/embedded.mobileprovision | security cms -D
Within the XML fragment I could see the entitlements dictionary which contained the flag as expected:
<key>Entitlements</key>
<dict>
<key>keychain-access-groups</key>
<array>
<string>XXXXXXXX.*</string>
</array>
<key>get-task-allow</key>
<false/>
<key>application-identifier</key>
<string>XXXXXXXX.com.mycompany.myapp</string>
<key>com.apple.developer.team-identifier</key>
<string>XXXXXXXXX</string>
<key>beta-reports-active</key>
<true/>
</dict>
There is also no extra Entitlements.plist file in the IPA that might be throwing this off.
I uploaded the IPA with Application Loader 3.0, but I then received this error message:
WARNING: ITMS-90191: "Missing beta entitlement. Your app does not include the beta-reports-active entitlement. If you intend to distribute this build via TestFlight for beta testing, please re-build this app with a newly generated provisioning profile."
I have found numerous hits while searching for this message but none seemed to describe the above the problem; all those users found that regenerating the profile and downloading it again was all that was required.
I wondered if I was perhaps experiencing an issue caused by an older version of XCode or MonoTouch but after I updated both, I still experienced the same problem. I'm going to guess that this issue is not caused by Xamarin but is perhaps caused by a setting I have overlooked in my build configuration, but I could be wrong there.
Hey just became a new iOS developer and everything is fine and dandy so far but I have a warning in Xcode for my .xcodeproj file and it says "Validate Project Settings - Update to recommended settings." When I click on it I get a window that says "Target '(my app name)' - Upgrade DataProtectionClass Entitlement. Upgrades the default file protection level for your application to the recommended value: NSFileProtectionComplete." So I go ahead and click on perform changes so it can do that and the warning goes away but when I try to debug on device I get the error "The entitlements specified in your application's Code Signing Entitlements file do not match those specified in your provisioning profile. (0xE8008016).
If I remove the entitlemnets file which upgraded the default file protection to NSFileProtectionComplete then the wanring in Xcode goes away and it is able to compile and run on the device but then I have the issue of having a warning in xcode that doesn't want to budge.
This happens with a brand new project as well. I'm running Xcode Version 4.4 (4F134) on OS X 10.8 Mountain Lion DP3 (12A178q).
In terminal I went ahead and looked at the entitlements of my .mobileprovision file. (not the wildcard one, but the one with the specific app id)
security cms -D -i /pathto.mobileprovision
And I got this value for the Entitlements key.
<key>Entitlements</key>
<dict>
<key>application-identifier</key>
<string>GLAMURY37G.com.ionescuac.GPS-Status-</string>
<key>get-task-allow</key>
<true/>
<key>keychain-access-groups</key>
<array>
<string>GLAMURY37G.*</string>
</array>
</dict>
When I built the app in xcode for debug configuration I went ahead and looked at it's entitlements with
codesign -d --entitlements - /pathtoapplication.app
And got this back
<dict>
<key>application-identifier</key>
<string>GLAMURY37G.com.ionescuac.GPS-Status-</string>
<key>get-task-allow</key>
<true/>
<key>keychain-access-groups</key>
<array>
<string>GLAMURY37G.com.ionescuac.GPS-Status-</string>
</array>
</dict>
And it matches so as expected xcode can run the app on the device. But, xcode is telling me to upgrade to FileProtectionComplete so I do that and then after building my app and checking the app's entitlements again this is what I get.
<dict>
<key>DataProtectionClass</key>
<string>NSFileProtectionComplete</string>
<key>application-identifier</key>
<string>GLAMURY37G.com.ionescuac.GPS-Status-</string>
<key>get-task-allow</key>
<true/>
</dict>
Which makes it NOT match anymore so then I get the error in my first post. If I sign it with the FileProtectionComplete entitlements then xcode gives no warning but it can't run anymore. If I build it without the entitlements then it will run but xcode will keep nagging me with this warning that the FileProtection entitlements should be upgraded to their "recommended settings."
Kinda stuck in a catch 22 situation. Before I joined the developer program I messed around a lot with the simulator and never had any entitlement issues with xcode saying that they needed to be added to the build.