Tags: objective-c, ssl, nsurlconnection, tls1.2, afnetworking-3

iOS - (kCFStreamErrorDomainSSL, -9813)


I'm getting (kCFStreamErrorDomainSSL, -9813) when connecting to a client's server.

The client's server has a self-signed certificate that I cannot change. The app is using AFNetworking 3.x. I've tried the following but nothing seems to work.

If someone could help me, it would be much appreciated.

Info.plist:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
    <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
    <true/>

    <key>NSExceptionDomains</key>
    <dict>
        <key> *** CLIENT HOSTNAME *** </key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
            <true/>
            <key>NSTemporaryExceptionMinimumTLSVersion</key>
            <string>TLSv1.0</string>
            <key>NSTemporaryExceptionRequiresForwardSecrecy</key>
            <false/>
        </dict>
    </dict>
</dict>

AFNetworking connection manager:

AFHTTPSessionManager *manager = [[AFHTTPSessionManager alloc] initWithSessionConfiguration:[NSURLSessionConfiguration defaultSessionConfiguration]];

#ifdef USE_SELF_SIGNED_CERT_RULES
    manager.securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeCertificate];
    manager.securityPolicy.allowInvalidCertificates = YES;
    manager.securityPolicy.validatesDomainName = YES;
#endif

Solution

  • I had the same problem. I tried your solution but it did not work. Setting allowInvalidCertificates, validatesDomainName and AFSSLPinningModeCertificate did not solve my problem. After a lot of googling I looked at the structure of the AFSecurityPolicy class.

    There is a function in this class

    - (BOOL)evaluateServerTrust:(SecTrustRef)serverTrust
                      forDomain:(nullable NSString *)domain;

    You have to subclass the AFSecurityPolicy and return YES in its implementation. Then you will be able to connect to your server.

    My client server was also self-signed.

    Setting properties on AFSecurityPolicy does not solve the problem; I wonder why.
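
The subclass the answer describes, next to a pinned policy for the same self-signed server, as an added example that is not part of the original question or answer. The class name `TrustAllSecurityPolicy`, the helper `PinnedSessionManager` and the bundled file `client-server.cer` (a DER export of the server's certificate) are assumptions; the Info.plist exceptions from the question are assumed to stay in place.

```objc
// Added example: names marked "hypothetical" are assumptions, not from the page.
#import <AFNetworking/AFNetworking.h>

NS_ASSUME_NONNULL_BEGIN

// The approach described in the answer: evaluation always succeeds, so a
// manager using this policy accepts any certificate presented by any host.
@interface TrustAllSecurityPolicy : AFSecurityPolicy   // hypothetical name
@end

@implementation TrustAllSecurityPolicy
- (BOOL)evaluateServerTrust:(SecTrustRef)serverTrust
                  forDomain:(nullable NSString *)domain {
    return YES;
}
@end

// Pinned form: only the bundled self-signed certificate is accepted.
static AFHTTPSessionManager * _Nullable PinnedSessionManager(void) {   // hypothetical helper
    // "client-server.cer" is a hypothetical file name: the server's
    // certificate in DER form, added to the app target as a resource.
    NSString *path = [[NSBundle mainBundle] pathForResource:@"client-server"
                                                     ofType:@"cer"];
    NSData *certData = path ? [NSData dataWithContentsOfFile:path] : nil;
    if (certData == nil) {
        return nil;   // nothing to pin against: return no manager at all
    }

    // Hand the pinned certificate to the policy explicitly instead of
    // relying on AFNetworking finding .cer files in a bundle on its own.
    AFSecurityPolicy *policy =
        [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeCertificate
                         withPinnedCertificates:[NSSet setWithObject:certData]];
    // A self-signed certificate does not chain to a system root, so the
    // default trust check must be allowed to fail; the pin decides instead.
    policy.allowInvalidCertificates = YES;
    // The certificate's host name must still match the host being contacted.
    policy.validatesDomainName = YES;

    AFHTTPSessionManager *manager = [[AFHTTPSessionManager alloc]
        initWithSessionConfiguration:[NSURLSessionConfiguration defaultSessionConfiguration]];
    manager.securityPolicy = policy;
    return manager;
}

NS_ASSUME_NONNULL_END
```

When the server's certificate is reissued, the bundled `.cer` has to be replaced in an app update, since the pinned policy rejects any certificate it was not given.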