1

Already found the same thread here, but that not resolved my problem.

I have added NSAppTransportSecurity and NSAllowsArbitraryLoads in info.plist.

Screenshot:

enter image description here

Added the below codes from this article.

<key>NSAppTransportSecurity</key>
    <dict>
        <key>NSAllowsArbitraryLoads</key>
        <true/>
        <key>NSExceptionDomains</key>
        <dict>
            <key>pm-admin.smartwcm.com</key>
            <dict>
                <key>NSIncludesSubdomains</key>
                <true/>
                <key>NSExceptionAllowInsecureHTTPSLoads</key>
                <true/>
                <key>NSExceptionRequiresForwardSecrecy</key>
                <true/>
                <key>NSExceptionMinimumTLSVersion</key>
                <string>TLSv1.1</string>
                <key>NSThirdPartyExceptionAllowInsecureHTTPSLoads</key>
                <false/>
                <key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
                <true/>
                <key>NSThirdPartyExceptionMinimumTLSVersion</key>
                <string>TLSv1.1</string>
                <key>NSRequiresCertificateTransparency</key>
                <false/>
            </dict>
        </dict>
    </dict>

I am using HTTP REST APIs. When running the project I am getting the following exception:

System.Net.WebException: An SSL error has occurred and a secure connection to the server cannot be made. ---> Foundation.NSErrorException: Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?

Am I missing something or do anything wrong?

Dan Robertson
  • 4,315
  • 12
  • 17
Sreejith Sree
  • 3,055
  • 4
  • 36
  • 105
  • Is the SSL certificate valid? Is it connecting to the hostname on the certificate? Is the certificate self-issued? If you open the url in your browser do you get any prompts related to the certificate? – Maximilian Feb 02 '19 at 10:10
  • @Maximilian I have the same rest apis in another app which is already in appstore. This is a public rest api and no problems if it open in a browser.. – Sreejith Sree Feb 02 '19 at 10:43
  • @Maximilian All my REST APIs are HTTP, If I change it into HTTPS is that work? – Sreejith Sree Feb 02 '19 at 12:29
  • That would most likely resolve the issue – Maximilian Feb 02 '19 at 14:32

2 Answers2

3

Cause: Since iOS 9, iOS will only allow your application to communicate with servers that implement best-practice security by default. Values must be set in Info.plist to enable communication with insecure servers.It seems that you only AllowInsecureHTTPSLoads but forget to add AllowsInsecureHTTPLoads

Solution: Add the following code in your info.plist to trust your domain.

<key>NSAppTransportSecurity</key>
 <dict>
 <key>NSExceptionDomains</key>
 <dict>
  <key>pm-admin.smartwcm.com</key>
  <dict>       
   <key>NSExceptionRequiresForwardSecrecy</key>
   <false/>
   <key>NSExceptionAllowsInsecureHTTPLoads</key>
   <true/>
   <key>NSIncludesSubdomains</key>
   <true/>
   ...... 
  </dict>
 </dict>

Here is a similar issue that you can refer.

Lucas Zhang
  • 18,630
  • 3
  • 12
  • 22
  • Getting following exception when adding the above code: System.Net.WebException: The certificate for this server is invalid. You might be connecting to a server that is pretending to be “pm-admin.smartwcm.com†which could put your confidential information at risk. ---> Foundation.NSErrorException: Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “pm-admin.smartwcm.com†which could put your confidential information at risk." – Sreejith Sree Feb 04 '19 at 06:11
  • Can you share your sample? – Lucas Zhang Feb 04 '19 at 06:14
  • I created this sample last weak, so didn't add the code in info.plist, can you please add it? – Sreejith Sree Feb 04 '19 at 06:41
  • It seems that your sample contains your userName and password .I suggest that you should delete it to prevent privacy breaches. – Lucas Zhang Feb 04 '19 at 07:05
  • I will try your demo. – Lucas Zhang Feb 04 '19 at 07:05
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/187836/discussion-between-lucas-zhang-msft-and-sreejith-sree). – Lucas Zhang Feb 04 '19 at 07:35
  • Hi @SreejithSree did you solve this issue? – Irshad Apr 05 '22 at 17:59
  • @Irshad As per Lucas's answer, I solved my problem. – Sreejith Sree Apr 06 '22 at 11:38
0

Because you must to use certificate.

class ViewController: UIViewController, URLSessionDelegate,URLSessionTaskDelegate {

var urlSession: Foundation.URLSession!

  override func viewDidLoad() {
        super.viewDidLoad()
        urlSession = URLSession(configuration: URLSessionConfiguration.default, delegate: self, delegateQueue: nil)
}

    func urlSession(_ session: URLSession, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {

        let serverTrust = challenge.protectionSpace.serverTrust
        let certificate = SecTrustGetCertificateAtIndex(serverTrust!, 0)
        let policies = NSMutableArray();
        policies.add(SecPolicyCreateSSL(true, (challenge.protectionSpace.host as CFString)))
        SecTrustSetPolicies(serverTrust!, policies);
        var result: SecTrustResultType = SecTrustResultType(rawValue: 0)!
        SecTrustEvaluate(serverTrust!, &result)
        let isServerTrusted:Bool = (result == SecTrustResultType.unspecified || result == SecTrustResultType.proceed)
        let remoteCertificateData:NSData = SecCertificateCopyData(certificate!)
        let pathToCert = Bundle.main.path(forResource: "certificateName", ofType: "crt")
        let localCertificate:NSData = NSData(contentsOfFile: pathToCert!)!
        let credential:URLCredential = URLCredential(trust: serverTrust!)
        completionHandler(.useCredential, credential)

    }


}
Hassine Othmene
  • 1
  • 1