0

I made a javascript cloud app that runs on a webpage in a webview on my iPad app that communicates via WebSocket connection but it only works when im on my http site and not https or else I get an CFNetwork SSLHandshake failed (-9806) error in Xcode and on the website it says time out during handshake.

Is this because the webserver on the iPad is running on HTTP instead of HTTPS?

JAVASCRIPT CLOUD APP

This part in the cloud is working for HTTP when connecting to the web server on the iPad.

var protocol = "ws";
if (this.useSecureConnection)
    protocol = "wss";
var url = protocol+'://localhost:'+this.port+'/service';
this.connection = new WebSocket(url);

Xcode iOS iPad App (Objective-C)

I thought that was the issue so I tried to enable HTTPS but I am not sure what to create for the "sslIdentityAndCertificates" method.

- (BOOL)isSecureServer
{
     HTTPLogTrace();

     // Override me to create an https server...

     return YES;
}

/**
 * This method is expected to returns an array appropriate for use in kCFStreamSSLCertificates SSL Settings.
 * It should be an array of SecCertificateRefs except for the first element in the array, which is a SecIdentityRef.
**/
- (NSArray *)sslIdentityAndCertificates
{
    HTTPLogTrace();
    return nil;
}

Some of the other posts I have seen use APIs that are only available on Mac and not iOS.

I tried several combinations of ATS permissions as well. All resulted in HTTPS not allowing for WebSocket connection.

Any help is greatly appreciated! :)

wsnyder
  • 13
  • 5
  • Since the comm is completely within your app - from the client code in your webview to the cocoaHTTPServer - why do you think you need HTTPS? – Chris Edgington Mar 14 '17 at 03:58
  • When I use HTTP cloud app and HTTP iPad web server it works. But when I use HTTPS cloud app and HTTP iPad web server it doesn't. Our clients will only run our cloud app in HTTPS mode but I get the CFNetwork SSLHandshake failed (-9806) error when using HTTPS cloud app versus just HTTP – wsnyder Mar 14 '17 at 04:49
  • Looks like there is quite a bit of work to do - search stackoverflow for "ios https" to get more clues. http://stackoverflow.com/questions/9874932/ssl-identity-certificate-to-run-an-https-server-on-ios?rq=1 – Chris Edgington Mar 14 '17 at 13:46
  • And again I would ask - if this "cloud app" is just running in a webview connecting to your app server (so everything within the same iOS application bundle) - why is HTTPS required? I see no value in adding SSL to that virtual network connection between the webview and its host. – Chris Edgington Mar 14 '17 at 13:48
  • the cloud hosted webapp is just that. It was built to be used on different devices as a webpage but we needed to add support for bluetooth to connect to a 3rd party hardware. To do that we needed to create a native "wrapper" for the webapp that would get bluetooth messages and process/send messages to the webapp in the webview via webSocket. This allows for the web app to use the bluetooth tool. – wsnyder Mar 14 '17 at 13:55
  • What you're describing makes sense, I've written apps like that where you use a websocket to allow the web app access to native resources. The cloud-hosted webapp will still be "running" in the webview of the native app, so the websocket connection is still this virtual network connection via localhost. There is no reason to need to have that be encrypted. – Chris Edgington Mar 14 '17 at 14:18
  • Any idea how to get around the CFNetwork SSLHandshake failed (-9806) then? I thought it might have been HTTPS related. The webapp that is running in the webview must use HTTPS to connect to the cloud because of client requirements. But the web server on the iPad can be anything. – wsnyder Mar 14 '17 at 15:40
  • The problem you are describing though has nothing to do with the webapp connection to the cloud. If the webapp is having problems with SSL to the cloud, that would be an issue to resolve on the cloud server. I still see no indication that you need to have SSL on the embedded web server in your app. – Chris Edgington Mar 14 '17 at 15:55
  • The webapp is failing to connect to the webserver on the iPad. It can connect to the cloud just fine :/ – wsnyder Mar 14 '17 at 17:02
  • Seems that an HTTPS site must only use HTTPS resources: http://stackoverflow.com/questions/28517391/allow-loading-http-resources-over-https – wsnyder Mar 14 '17 at 18:40
  • So then I do need to figure out how to create a webserver on iPad with SSL using the above methods – wsnyder Mar 14 '17 at 18:44
  • Im going to try this: http://stackoverflow.com/questions/11258911/how-to-make-iphonehttpserver-secure-server – wsnyder Mar 14 '17 at 21:29
  • "An HTTPS site" - the "site" is your cocoaHTTPserver right? I still have not heard you say why that "site" needs to be HTTPS. If the client (the webview) is talking to the site (the cocoaHTTPserver) - there is no need for HTTPS. – Chris Edgington Mar 14 '17 at 23:46
  • Okay, I think i see where the confusion might be. So the webapp is HTTPS://cloudwebapp.example.com (that url uses HTTPS because of our requirements required by the Client who is purchasing the software (not the client as in server/client) and opened in the iPad as a UIWebview. There is also another webserver hosted on the iPad itself. According to HTTPS rules that are enforced by the cloud webapp all resources it is connected to must also be HTTPS. So when the cloud web app tries to connect to the local webserver that is hosted on the iPad it throws the above error. – wsnyder Mar 15 '17 at 16:51
  • Using one of the solutions above I was able to create a self-signed SSL and passed "localhost" as a Subject Alternative Name in the certificate. After that the iPad then viewed the self-signed SSL Certificate as a verified one. I was then able to connect to the webserver hosted on the iPad from my PC after installing the certificate. However it still doesnt work on the iPad even though it shows as green check-marked (verified). – wsnyder Mar 15 '17 at 16:56
  • I posted this same question in apple forums ( https://forums.developer.apple.com/message/216686 ) and an Apple Staff said that it is a known bug in iOS 10 and a work around would be to use WKWebview and their javascript-to-native functions. – wsnyder Mar 15 '17 at 17:37
  • Ok, the clarifications make sense now. Definitely a direct javascript-to-native will work fine, I have done that. You'll definitely need to switch to the WkWebView, then just need to setup the WkUserContentController properly and use window.webkit.messageHandlers.observe.postMessage from the javascript side. – Chris Edgington Mar 15 '17 at 18:44

0 Answers0