Adopt App Transport Security on iOS 9

[1ec5]

All MGLMapboxEvents HTTP requests fail on iOS 9 with the following error:

Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0x7fea5a771010>, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorCodeKey=-9802, NSUnderlyingError=0x7fea5a5d03d0 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9802, kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x7fea5a771010>, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9802}}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https://cloudfront-staging.tilestream.net/events/v1?access_token=…, NSErrorFailingURLStringKey=https://cloudfront-staging.tilestream.net/events/v1?access_token=…, _kCFStreamErrorDomainKey=3}

Mapbox GL needs to adopt App Transport Security. See this blog post for details.

/cc @bleege @kkaefer @incanus

[bleege]

/cc @mapbox/mobiledata

[1ec5]

Further reading:

https://developer.apple.com/library/prerelease/ios/technotes/App-Transport-Security-Technote/
http://www.neglectedpotential.com/2015/06/working-with-apples-application-transport-security/

[1ec5]

If I set NSExceptionRequiresForwardSecrecy=NO or NSExceptionAllowsInsecureHTTPLoads=YES for the cloudfront-staging.tilestream.net domain in the Info.plist, the errors go away.

[1ec5]

Whoops, forgot to open a PR on this. In any case, 0178c94 exempts the Metrics staging server from the App Transport Security’s PFS requirement. That server should never be used in production code anyways: applications developed using Mapbox GL will use the normal Mapbox API server.

[1ec5]

Also, to be clear, this issue only affected the staging server; the production server already supports PFS and needs no exemptions.