kCFStreamErrorDomainSSL error -9809 on setup #315

Closed
hohl opened this Issue Feb 26, 2014 · 8 comments

Comments

Projects
None yet
4 participants

hohl commented Feb 26, 2014

Connecting has worked for a while, but now I get the following error message without having changed anything:

Error Domain=kCFStreamErrorDomainSSL Code=-9809 "The operation couldn’t be completed. (kCFStreamErrorDomainSSL error -9809.)" UserInfo=0x16e2b950 {NSLocalizedRecoverySuggestion=Error code definition can be found in Apple's SecureTransport.h}

The error is passed to xmppStreamDidDisconnect:withError: nearly instantly after setup and without calling any other delegate method.

I'm connecting to a self-hosted Openfire 3.9.1 XMPP server (using SSL with a VeriSign trusted SSL certificate) which should work fine since connecting with other XMPP clients (like Adium) works fine.

Any idea what is going wrong?

Collaborator

ObjColumnist commented Feb 26, 2014

Im guessing you have updated to iOS 7.0.6? 😄

I would look at the Security Wiki Page and work back from there.

hohl commented Feb 26, 2014

Yes I have. But shouldn't this fix some SSL stuff?

I've already tried to add

- (void)xmppStream:(XMPPStream *)sender willSecureWithSettings:(NSMutableDictionary *)settings
{
    [settings setObject:@YES forKey:(NSString *)kCFStreamSSLAllowsAnyRoot];
} 

but it still doesn't work, just a different error when adding that lines of code:

Error Domain=NSOSStatusErrorDomain Code=-9809 "The operation couldn’t be completed. (OSStatus error -9809.)

Collaborator

ObjColumnist commented Feb 26, 2014

iOS 7.0.6 Fixes a SSL Loophole which you might of (unknowingly) been using.

Maybe setting kCFStreamSSLValidatesCertificateChain to @no might help?

hohl commented Feb 26, 2014

Changes the error message, but still doesn't work:

CFNetwork SSLHandshake failed (-9809) XMPPStream did disconnect. (Error: Error Domain=NSOSStatusErrorDomain Code=-9809 "The operation couldn’t be completed. (OSStatus error -9809.)")

by using:

- (void)xmppStream:(XMPPStream *)sender willSecureWithSettings:(NSMutableDictionary *)settings
{
    [settings setObject:@NO forKey:(NSString *)kCFStreamSSLValidatesCertificateChain];
}
Collaborator

ObjColumnist commented Feb 26, 2014

Im not sure what to suggest, as you are finding out the SSL Errors are not very useful.

Collaborator

ObjColumnist commented Mar 15, 2014

Did you manage to get to the bottom of this?

I found some similar issues, maybe you should setting your device time to auto, as the ssl will check time correctly.

I have the same problem

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment