All geek questions in one place

ASIHTTPRequest error with SSL in iOS 5.0 / 5.0.1

I am using ASIHTTPRequest v1.8.1 to request HTTPS. The problem is that it does not work on iOS 5.0 and 5.0.1, while on 5.1 and 5.1.1 it works fine. The code is pretty simple:

__block ASIFormDataRequest *request = [ASIFormDataRequest requestWithURL:[NSURL URLWithString:RemoteNotiURL]]; [request setPostValue:@"i" forKey:@"plat"]; [request setPostValue:token forKey:@"token"]; [request setValidatesSecureCertificate:NO]; [request setCompletionBlock:^{ NSLog(@"done"); }]; [request setFailedBlock:^{ NSLog(@"error = %@", [request error]); }]; [request startAsynchronous];

RemoteNotiURL is a url like https://xxx.example.com

Error:

 error = Error Domain=ASIHTTPRequestErrorDomain Code=1 "A connection failure occurred: SSL problem (Possible causes may include a bad/expired/self-signed certificate, clock set to wrong date)" UserInfo=0x18460b0 {NSUnderlyingError=0x1853ab0 "The operation couldn't be completed. (OSStatus error -9800.)", NSLocalizedDescription=A connection failure occurred: SSL problem (Possible causes may include a bad/expired/self-signed certificate, clock set to wrong date)}

What can i do with this?

+4
source share
1 answer

As @JosephH said the solution includes changing ASIHTTPRequest.m to change the kCFStreamSSLLevel property of the sslProperties dictionary. Find comment in this file // Tell CFNetwork not to validate SSL certificates

There is an if clause in this comment

 if (![self validatesSecureCertificate]) { // see: http://iphonedevelopment.blogspot.com/2010/05/nsstream-tcp-and-ssl.html NSDictionary *sslProperties = [[NSDictionary alloc] initWithObjectsAndKeys: [NSNumber numberWithBool:YES], kCFStreamSSLAllowsExpiredCertificates, [NSNumber numberWithBool:YES], kCFStreamSSLAllowsAnyRoot, [NSNumber numberWithBool:NO], kCFStreamSSLValidatesCertificateChain, kCFNull,kCFStreamSSLPeerName, nil]; CFReadStreamSetProperty((CFReadStreamRef)[self readStream], kCFStreamPropertySSLSettings, (CFTypeRef)sslProperties); [sslProperties release]; }

Change the if clause to

 if (![self validatesSecureCertificate]) { // see: http://iphonedevelopment.blogspot.com/2010/05/nsstream-tcp-and-ssl.html NSDictionary *sslProperties = [[NSDictionary alloc] initWithObjectsAndKeys: [NSNumber numberWithBool:YES], kCFStreamSSLAllowsExpiredCertificates, [NSNumber numberWithBool:YES], kCFStreamSSLAllowsAnyRoot, [NSNumber numberWithBool:NO], kCFStreamSSLValidatesCertificateChain, kCFNull,kCFStreamSSLPeerName, @"kCFStreamSocketSecurityLevelTLSv1_0SSLv3", kCFStreamSSLLevel, nil]; CFReadStreamSetProperty((CFReadStreamRef)[self readStream], kCFStreamPropertySSLSettings, (CFTypeRef)sslProperties); [sslProperties release]; }else { NSDictionary *sslProperties = [[NSDictionary alloc] initWithObjectsAndKeys: [NSNumber numberWithBool:NO], kCFStreamSSLAllowsExpiredCertificates, [NSNumber numberWithBool:NO], kCFStreamSSLAllowsAnyRoot, [NSNumber numberWithBool:YES], kCFStreamSSLValidatesCertificateChain, @"kCFStreamSocketSecurityLevelTLSv1_0SSLv3", kCFStreamSSLLevel, nil]; CFReadStreamSetProperty((CFReadStreamRef)[self readStream], kCFStreamPropertySSLSettings, (CFTypeRef)sslProperties); [sslProperties release]; }

This should make the queries work again. Both requests that verify SSL certificates and those that do not verify them.

Tested on iOS 5.0.1 and 5.1.1.

Hope this helps.

+13
source

Source: https://habr.com/ru/post/1411451/

More articles:


All Articles