2

I'trying to fetch some info on a stream with a call to a server that should give me some JSON object (and it happens with Safari) but it seems that both on simulator and android it end up with SSL handshake failed exception. The usual call is normal http which can't be used anymore in iOS, so while in Safari simply changing it to https do the trick, in Codenameone results in SSL handshake failed exception. Furthermore the same trick in a WebBrowser component let me see the web page of the radio without SSL handshake failed.

I'm using ConnectionRequest to fetch JSON data.

Is there a way to avoid that exception without changing the server configuration?

Fabrizio Grassi
  • 75
  • 7
  • That's a problem in JavaSE that you are seeing because of the certificate authority in your server. You can workaround it like this: http://stackoverflow.com/questions/6659360/how-to-solve-javax-net-ssl-sslhandshakeexception-error Notice that on the device this might be a problem as it is outside of our control. I'm assuming this is only for debugging – Shai Almog Feb 19 '17 at 06:02

1 Answers1

1

Codenameone works a little bit different from browsers. Browsers can give you security popup which you can choose to ignore but Codenameone won't allow you to just change non-secure http to https.

You can still use normal http with your app and get it to work on iOS by adding this build hint:

 ios.plistInject = <key>NSAppTransportSecurity</key><dict><key>NSAllowsArbitraryLoads</key><true/></dict><key>CFBundleURLTypes</key> <array> <dict> <key>CFBundleURLName</key> <string>com.myCompany.myPackageName.MyApp</string> </dict> <dict> <key>CFBundleURLSchemes</key> <array> <string>MyApp</string> </array> </dict> </array>

If you already have an ios.plistInject build hint, just add this value after a comma in front of the existing value.

com.myCompany.myPackageName.MyApp is your reverse domain name dot your app name.

Diamond
  • 7,428
  • 22
  • 37
  • Thank you Diamond, you are really present! I read about that build hint but I also read that I'll have to explain Apple why I want my app to be insecure, so I'm keeping it as the very last chance. I'm going to wait for better solutions before taking this as the solution! – Fabrizio Grassi Feb 18 '17 at 14:54
  • Use this solution during the development stage and secure your webservices communication when you are ready to go live. SSL certificate only cost few bucks per year from many providers and you can then switch to https. I understand why apple is forcing that, because any security breach on Apple App store apps will always affect their security reputation in the mobile space. – Diamond Feb 18 '17 at 15:15