https: requests fail in IOS 5 #273

Open
raorahul opened this Issue Oct 14, 2011 · 15 comments


@raorahul

I'm getting a connection failure when I try to use a synchronous ASIHTTPRequest requestWithURL: when building an app for iOS 5 using XCode 4.2

The moment I changed my URL from https: to http:, everything started working.

Someone has also posted a discussion regarding the same on your Google group:
http://groups.google.com/group/asihttprequest/browse_thread/thread/369ba9f6a46ea836#

Thanks in advance! :)

@leepa
leepa commented Oct 20, 2011

If you say, which URL? Check the certificate and... can you browse said URL in Safari on a real iPhone (even if it returns junk)?

@raorahul

Sorry for the delay in replying. I was out of town. Yes, everything on the server is perfect. I can browse the URL and get data from it if I'm using an NSURL and NSURLConnection.

@sptramer
sptramer commented Nov 2, 2011

We are experiencing this problem as well in our code. The server-side is currently being verified to have a proper SSL configuration, but we're getting the following error code from the connection:

errSSLPeerHandshakeFail = -9824, /* handshake failure */

Likely has something to do with the stricter authentication being performed by iOS 5.

@raorahul
raorahul commented Nov 2, 2011

We thought it was something to do with our server. However, there is a simple connection test that I perform using NSURLConnection and HTTPS, and that works perfectly well. Owing to that, my code was getting a false negative/positive. We checked everything on our server and everything was perfect there (and as aforementioned, it worked with NSURLConnection).

After reading this: http://groups.google.com/group/asihttprequest/browse_thread/thread/7731197dbe71c260

I created my own little connection manager specific to my project, since we need to launch an update soon and I cannot run my code if it has ASIHTTP and is built in iOS 5.

@weibel
weibel commented Dec 2, 2011

There's a discussion on StackOverflow as well http://stackoverflow.com/questions/7792949/ios-5-https-asihttprequest-stop-working

I fixed the problem by inserting this in the second last line of the Handle SSL certificate settings section
[sslProperties setObject:(NSString *)kCFStreamSocketSecurityLevelSSLv3 forKey:(NSString *)kCFStreamSSLLevel];

@justarb
justarb commented Dec 2, 2011

Unfortunately that code doesn't help in my particular situation. It appears that some of the SSL connection issues can be resolved with this, but not all. I logged a bug report with Apple and they confirmed that there is an issue in the iOS 5 networking code, but as to when (or if?) it will be resolved is anyone's guess. 8^(

@weibel
weibel commented Dec 2, 2011

Have you tried implementing the example code in listing 1 from the Apple dev link you posted above? If I change my example to

[sslProperties setObject:@"kCFStreamSocketSecurityLevelTLSv1_0SSLv3" forKey:(NSString *)kCFStreamSSLLevel];

it still works for me.

@justarb
justarb commented Dec 2, 2011

Yep - I tried that one as well and still no dice. 8^(

@weibel
weibel commented Dec 2, 2011

Unless someone takes the lead on ASIHTTPRequest I think it's time for us to start using other projects instead of patching the existing codebase. For your particular case it might be worth investigating how SSL is set up on your back end and find out if it can be changed to accommodate your needs.

@justarb
justarb commented Dec 2, 2011

If I controlled the back end it would make my life a whole lot easier, but alas I am trying to connect to several different sites and one just isn't playing nice with iOS 5. In fact, the site I am trying to access doesn't even work in Safari on the iPhone, so it's not just us programmers that are feeling this bug bite...

I have tried several other libraries (AFNetworking and CocoaAsyncSockets) and even tried NSURL* and the bare CFNetworking stuff - the bug is deeper than this, so library choice really doesn't make any difference.

@weibel
weibel commented Dec 2, 2011

In that case I don't think you will have any luck with any of the existing libraries. It sounds like the particular site is set up in an uncommon way. Expect this to be time consuming to solve. I would try to learn more about what's going on at the transport layer by using e.g. the openssl utility http://www.openssl.org/docs/apps/openssl.html. In the end you might need to actually talk with the people operating the site and see if they can help you.

@LeeMatthewHiggins

Are you behind a proxy when doing your testing? I've had problems with HTTPS and ASIHTTP when using the Charles tool (a proxy). It no longer works in iOS 5 when I use Charles (same handshake fail). Remove the proxy and it's fine... What's interesting is NSURL (CFNetwork calls) works in this case, so I wonder if the issue is related to ASIHTTP proxy handling and SSL connections.

@justarb
justarb commented Jan 11, 2012

After opening a support incident with Apple and a lot of back and forth I finally resolved my issue with accessing certain https URLs on iOS5. It turns out that a change was made in the iOS 5 networking code which causes iOS to reject secure connections if the server uses a non-standard key length. The server I was talking to had a 2056 byte key, instead of the typical 2048 bytes. I was able to get the server admins to regenerate their key and now everything works fine again.

It may be that Lee's proxy problems might be due to the proxy using a self-signed cert that is of a non-standard length?

This may or may not help with others experiencing similar behaviour, but it might be worth checking the key length of the SSL keys returned by the servers you are trying to connect to.
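
One way to run the key-length check suggested in the comment above, as an added example that is not part of the original thread. The function names, the list of common RSA sizes and the constructed self-signed test certificates are assumptions; `openssl` reports the key size in bits.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): report a certificate's public-key size
# and flag sizes outside a list of common RSA sizes (the list is an assumption).

# cert_key_bits FILE: print the key size in bits of a PEM certificate.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# check_key_bits FILE: print "ok N" (status 0) or "nonstandard N" (status 1).
check_key_bits() {
    local bits
    bits=$(cert_key_bits "$1")
    [ -n "$bits" ] || { echo "unreadable"; return 2; }
    case "$bits" in
        1024|2048|3072|4096) echo "ok $bits" ;;
        *) echo "nonstandard $bits"; return 1 ;;
    esac
}

# fetch_server_cert HOST [PORT]: print the leaf certificate a live server
# presents (needs network access; not used by the offline demo below).
fetch_server_cert() {
    openssl s_client -connect "$1:${2:-443}" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -outform PEM
}

# make_test_cert BITS OUT: constructed self-signed certificate for the demo.
make_test_cert() {
    openssl req -x509 -newkey "rsa:$1" -nodes -keyout "$2.key" \
        -subj "/CN=constructed.example" -days 1 -out "$2" 2>/dev/null
    rm -f "$2.key"
}

# Offline demo on two constructed certificates.
demo() {
    local d
    d=$(mktemp -d)
    make_test_cert 2048 "$d/std.pem" && check_key_bits "$d/std.pem" || true
    make_test_cert 2056 "$d/odd.pem" && check_key_bits "$d/odd.pem" || true
    rm -rf "$d"
}
demo
```

For a live host, `fetch_server_cert host > leaf.pem` followed by `check_key_bits leaf.pem` applies the same check to the certificate the server actually sends.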

@samuelrbo

I was looking for an answer in the oracle (Google), and I found it. The problem with iOS 5 and ASIHTTPRequest is ARC (Automatic Reference Counting). I solved my problem by reading this article http://sugartin.info/2011/08/10/ios5-how-to-turn-off-arc-on-individual-files/ and making the ASI files not use ARC.
I hope it helps someone.
