1

My project is running on Xcode 7.3.

When i just make a GET request i got the error as title and the information:

NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9802)

error message:

The certificate for this server is invalid. You might be connecting to a >server that is pretending to be “https://api.domain.com” which >could put your confidential information at risk.

https://api.domain.com:9002

I search the solution but none works. Add these into info.plist

 <key>NSAppTransportSecurity</key>
    <dict>
      <key>NSAllowsArbitraryLoads</key>
      <true/>
    </dict>

OR (my current setting)

<key>NSAppTransportSecurity</key>
    <dict>
        <key>NSAllowsArbitraryLoads</key>
        <true/>
        <key>NSExceptionDomains</key>
        <dict>
            <key>https://api.domain.com:9002</key>
            <dict>
                <key>NSIncludesSubdomains</key>
                <true/>
                <key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
                <false/>
            </dict>
        </dict>
    </dict>

I Searched:

https://stackoverflow.com/a/32912578/291240

https://stackoverflow.com/a/36209583/291240

https://stackoverflow.com/a/34999957/291240

Community
  • 1
  • 1
William Hu
  • 15,423
  • 11
  • 100
  • 121

1 Answers1

1

THE SSL certificate used by your server is invalid, or your server is not https at all.

Please try connecting by using http:// instead of https://

PS: I am not able to open this link in my browser, https://api.domain.com:9002

but this could have been a placeholder, so please try this.

But otherwise, there is also a way, by which you can ignore the error:

WARNING - THIS WOULD ALSO make your code vulnerable to MitM attacks, So best this is to fix your SSL on server

Set your NSURLConnection delegate as self and add below code 

    - (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace {
  return [protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust];
}

- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
  if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust])
    if ([trustedHosts containsObject:challenge.protectionSpace.host])
      [challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge];

  [challenge.sender continueWithoutCredentialForAuthenticationChallenge:challenge];
}

FOR NSURLSESSION check this answer, NSURLSession Delegate

UPDATE

Above code will be vulnerable to MitM attacks,

please check this SSL Pinning for NSURLSession, for a secured way.

Community
  • 1
  • 1
gunjot singh
  • 2,578
  • 20
  • 28
  • thanks. It is https. But the ssl is invalid. I want escape them. But your method seems for NSURLConnection, which is good for IOS 6 and above, i want to use NSURLSession, any help on this? – William Hu Mar 30 '16 at 06:56
  • thank you! It works! But another question is this only for development, does Apple will reject it if you submit this? – William Hu Mar 30 '16 at 07:20
  • 1
    yes, they might. please check this for a secured method. http://www.jonflanders.com/?p=1415. Also updated my answer. – gunjot singh Mar 30 '16 at 07:29