Alamofire 4.0.1 SSL Requests Failing (secure connection to the server cannot be made)


I'm new to Alamofire, but this should be really simple, and I'm not sure why I'm running into an issue.

I'm using XCode8, Swift3, and Alamofire 4.0.1, and building for iOS9.

The URL I'm accessing is secured with a brand new cert acquired from GoDaddy. Both Chrome and Safari can load the secure site on my MacBook Pro, and all looks well.

However the following code:

  import Alamofire
  import SwiftyJSON   // provides the JSON(_:) wrapper used below

  // buildRequestString() is the asker's own helper (not shown) that returns the https URL string.
  let urlString = buildRequestString().addingPercentEncoding(withAllowedCharacters: CharacterSet.urlQueryAllowed)!

  Alamofire.request(urlString).validate().responseJSON { response in
    switch response.result {
      case .success(let data):
        print(JSON(data))
      case .failure(let error):
        // A TLS/ATS failure surfaces here as an NSURLErrorDomain -1200 error
        print(error)
    }
  }

results in the following error (note: I have replaced my address/domain for security reasons):

 [] nw_coretls_read_one_record tls_handshake_process: [-9801]
 [] nw_endpoint_flow_protocol_error [1.1 12.345.67.890:443 in_progress socket-flow (satisfied)] TLS protocol sent error: [-9801]
 [] nw_endpoint_flow_protocol_disconnected [1.1 12.345.67.890:443 in_progress socket-flow (satisfied)] Output protocol disconnected
 [] nw_endpoint_resolver_receive_report [1 sub.domain.ext:443 in_progress resolver (satisfied)] received child report:[1.1 12.345.67.890:443 failed socket-flow (satisfied)]
 [] nw_connection_endpoint_report [1.1 12.345.67.890:443 failed socket-flow (satisfied)] reported event flow:failed_connect, error Error Domain=kNWErrorDomainTLS Code=-9801 "Security Error: -9801" UserInfo={NSDescription=Security Error: -9801}
 [] nw_connection_endpoint_report [1 sub.domain.ext:443 failed resolver (satisfied)] reported event flow:failed_connect
 [] __tcp_connection_start_block_invoke 1 sending event TCP_CONNECTION_EVENT_DISCONNECTED in response to state failed and error Error Domain=kNWErrorDomainTLS Code=-9801 "Security Error: -9801" UserInfo={NSDescription=Security Error: -9801}
 [] tcp_connection_event_notify 1 event: TCP_CONNECTION_EVENT_DISCONNECTED, reason: nw_connection event, should deliver: true
 [] tcp_connection_cancel 1
 [] nw_endpoint_handler_cancel [1 sub.domain.ext:443 failed resolver (satisfied)]
 NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9801)
 [] nw_endpoint_handler_cancel [1.1 12.345.67.890:443 failed socket-flow (satisfied)]
 [] nw_resolver_cancel_on_queue 0x600000101b00
 [] -[NWConcrete_tcp_connection dealloc] 1

  Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={_kCFStreamErrorCodeKey=-9801, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSUnderlyingError=0x608000046e70 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9801, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9801}}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https://sub.domain.ext/api/v1/Assignment?query=%22%22&device=%22%22, NSErrorFailingURLStringKey=https://sub.domain.ext/api/v1/Assignment?query=%22%22&device=%22%22, _kCFStreamErrorDomainKey=3}

Can anyone give me some insight as to why this error is occurring? It appears as if the site is not being trusted, even though there is a valid cert in place. Are there any other settings within XCode I need to adjust to allow this connection? The Alamofire documentation seemed to indicate the code above was all that was necessary.


Solution

  • To summarize the comments, @OP's site did not meet Apple's iOS ATS requirements. When tested with SSL Labs, the site scored an F and indicated lack of support for TLS. While bypassing ATS could have been an option, the server's TLS configuration was improved using the IIS Crypto tool as described at https://scotthelme.co.uk/getting-an-a-on-the-qualys-ssl-test-windows-edition/

    Note: DO NOT set up Strict Transport Security without knowing what it does.

    This addressed the issue.
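As an added illustration of the answer's point (not code from the question, the answer, or Alamofire): a small checker that takes the parameters a scanner such as SSL Labs reports for a server and lists which iOS 9 ATS requirements it fails. The rules and cipher list are transcribed from Apple's iOS 9 ATS documentation and are an assumption to confirm against the current docs; the two scan results are constructed samples, not the asker's server.

```python
"""Evaluate a server's TLS parameters against Apple's iOS 9 App Transport
Security (ATS) requirements. Added example, not Alamofire or Apple code; the
rules below are transcribed from Apple's iOS 9 ATS docs (assumption)."""
from dataclasses import dataclass
from typing import List, Tuple

# Cipher suites ATS accepts (IANA names): ECDHE key exchange (forward
# secrecy) with AES-128/AES-256 in GCM or CBC mode.
ATS_CIPHER_SUITES = {
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
}

@dataclass
class TlsScanResult:
    protocol: str        # negotiated protocol, e.g. "TLSv1.0", "TLSv1.2"
    cipher_suite: str    # IANA cipher suite name as a scanner reports it
    cert_signature: str  # certificate signature algorithm, e.g. "SHA256withRSA"
    key_type: str        # "RSA" or "EC"
    key_bits: int        # public key size in bits

def tls_version(protocol: str) -> Tuple[int, int]:
    major, minor = protocol.replace("TLSv", "").split(".")
    return int(major), int(minor)

def ats_violations(r: TlsScanResult) -> List[str]:
    """Return the ATS requirements the scan result fails (empty list = compliant)."""
    problems = []
    if not r.protocol.startswith("TLSv") or tls_version(r.protocol) < (1, 2):
        problems.append(f"protocol {r.protocol}: ATS requires TLS 1.2 or later")
    if r.cipher_suite not in ATS_CIPHER_SUITES:
        problems.append(f"cipher {r.cipher_suite}: not an ECDHE/AES suite ATS accepts")
    if not r.cert_signature.upper().startswith(("SHA256", "SHA384", "SHA512")):
        problems.append(f"signature {r.cert_signature}: certificate must be SHA-256 or stronger")
    minimum = {"RSA": 2048, "EC": 256}.get(r.key_type.upper())
    if minimum is None or r.key_bits < minimum:
        problems.append(f"key {r.key_type}-{r.key_bits}: need RSA >= 2048 or EC >= 256 bits")
    return problems

if __name__ == "__main__":
    # Constructed sample scan results (not the asker's real server).
    weak = TlsScanResult("TLSv1.0", "TLS_RSA_WITH_3DES_EDE_CBC_SHA", "SHA1withRSA", "RSA", 1024)
    hardened = TlsScanResult("TLSv1.2", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "SHA256withRSA", "RSA", 2048)
    for name, result in (("weak", weak), ("hardened", hardened)):
        print(name, ats_violations(result) or "ATS-compliant")
```

Any non-empty result corresponds to the handshake failure seen in the question (-9801 / NSURLErrorDomain -1200), and each entry names the server-side setting to fix.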