
SSLHandshake failed (-9808) with self-signed root certificate


I have a custom hardware device with a REST API. The device has a self-signed root certificate. I'm trying to make a simple GET call, but all my requests fail with:

CFNetwork SSLHandshake failed (-9808)
NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9808)

More description:

CFNetwork SSLHandshake failed (-9808)
NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9808)
Error Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “192.168.68.97” which could put your confidential information at risk." UserInfo={NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0x7fa2fb219530>, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9808, NSErrorPeerCertificateChainKey=<CFArray 0x7fa2fb20ffd0 [0x1016d37b0]>{type = immutable, count = 1, values = (
    0 : <cert(0x7fa2f954a2e0) s: selfSignedRootCertificate i: selfSignedRootCertificate>
)}, NSUnderlyingError=0x7fa2fb3018e0 {Error Domain=kCFErrorDomainCFNetwork Code=-1202 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x7fa2fb219530>, _kCFNetworkCFStreamSSLErrorOriginalValue=-9808, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9808, kCFStreamPropertySSLPeerCertificates=<CFArray 0x7fa2fb20ffd0 [0x1016d37b0]>{type = immutable, count = 1, values = (
    0 : <cert(0x7fa2f954a2e0) s: selfSignedRootCertificate i: selfSignedRootCertificate>
)}}}, NSLocalizedDescription=The certificate for this server is invalid. You might be connecting to a server that is pretending to be “192.168.68.97” which could put your confidential information at risk., NSErrorFailingURLKey=https://192.168.68.97/api/switch/ctrl?switch=1&action=on, NSErrorFailingURLStringKey=https://192.168.68.97/api/switch/ctrl?switch=1&action=on, NSErrorClientCertificateStateKey=0}

My code in a subclass of AFHTTPSessionManager is:

    NSData *myCertificate = [NSData dataWithContentsOfFile:[[NSBundle mainBundle] pathForResource:@"selfSignedRootCertificate" ofType:@"cer"]];
    AFSecurityPolicy *securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModePublicKey];
    securityPolicy.validatesDomainName = NO;
    securityPolicy.allowInvalidCertificates = YES;
    securityPolicy.pinnedCertificates = @[myCertificate];

And I tried to add an exception to the plist according to the changes in iOS 9.0:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>

I have no idea what I'm doing wrong. My point was to pin my self-signed root certificate to the app to be able to use an HTTPS connection. Can you please help me with the correct way to do it?

I have AFNetworking (2.6.1).

Thanks for your help!


Solution

  • So I finally found the source of the problem. The problem was in the SSL library on the custom hardware device. After reimplementing it on the hardware, everything works like a charm.
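
For the pinning question itself, here is an added example (not the poster's code and not part of AFNetworking) of one way to trust only the bundled self-signed root without `allowInvalidCertificates = YES`, using an NSURLSession delegate and the Security framework. The class name `PinnedSessionDelegate` is hypothetical, the resource name is the one from the question, and `SecTrustEvaluate` is used to match the iOS 9 timeframe of the post.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical delegate (added example): accepts a server only if its chain ends at the bundled certificate.
@interface PinnedSessionDelegate : NSObject <NSURLSessionDelegate>
@end

@implementation PinnedSessionDelegate

- (void)URLSession:(NSURLSession *)session
didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge
 completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition, NSURLCredential *))completionHandler
{
    NSURLProtectionSpace *space = challenge.protectionSpace;
    if (![space.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
        completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, nil);
        return;
    }
    // Same bundled file the question loads; it must be DER-encoded.
    NSString *path = [[NSBundle mainBundle] pathForResource:@"selfSignedRootCertificate" ofType:@"cer"];
    NSData *der = path ? [NSData dataWithContentsOfFile:path] : nil;
    // SecCertificateCreateWithData returns NULL when the data is not a valid X.509 certificate.
    SecCertificateRef pinned = der ? SecCertificateCreateWithData(NULL, (__bridge CFDataRef)der) : NULL;
    if (pinned == NULL) {
        completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, nil);
        return;
    }
    // Replace the system anchors with the pinned certificate. The trust object keeps
    // its SSL policy, so the host name check stays in effect.
    SecTrustRef trust = space.serverTrust;
    NSArray *anchors = @[(__bridge id)pinned];
    OSStatus status = SecTrustSetAnchorCertificates(trust, (__bridge CFArrayRef)anchors);
    if (status == errSecSuccess) status = SecTrustSetAnchorCertificatesOnly(trust, true);
    // On iOS 12 and later, SecTrustEvaluateWithError is the non-deprecated call.
    SecTrustResultType result = kSecTrustResultInvalid;
    if (status == errSecSuccess) status = SecTrustEvaluate(trust, &result);
    CFRelease(pinned); // the anchors array holds its own reference

    BOOL trusted = (status == errSecSuccess) &&
                   (result == kSecTrustResultUnspecified || result == kSecTrustResultProceed);
    if (trusted) {
        completionHandler(NSURLSessionAuthChallengeUseCredential, [NSURLCredential credentialForTrust:trust]);
    } else {
        NSLog(@"Pinned trust evaluation failed: status=%d result=%u", (int)status, (unsigned)result);
        completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, nil);
    }
}
@end
```

Any certificate that does not chain to the bundled one is rejected, so a substituted or re-issued device certificate fails closed instead of being accepted as an "invalid but allowed" certificate.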