![]() What might have changed in ATS for iOS 11 that could cause this issue? ![]() I have re-evaluated and tested both the CA and server certificates every way I can think of, and they work everywhere except iOS 11. No changes have been made to our -URLSession:didReceiveChallenge:completionHandler code, and we have a proper (worked for years) implementation of challenge response via. Disabling ATS via NSAllowsArbitraryLoads allows access to the servers, but obviously isn't a solution. Although we use AFNetworking in our app, that seems to be irrelevant, as Safari no longer trusts these servers via the CA. I spent considerable time trying to resolve this issue, scouring StackOverflow and the rest of the web. NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway? NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made. _kCFNetworkCFStreamSSLErrorOriginalValue= -9802 We receive the following relevant details with CFNETWORK_DIAGNOSTICS enabled for our app:Įrror Domain=kCFErrorDomainCFNetwork Code= -1200 Starting with iOS 11 the installed CA certificate no longer allows Safari or our app to trust the certificate for any of the servers. This allows access to all of our internal test servers without having to trust each server individually. We simply install the CA certificate on any new device or simulator and everything works, even with ATS. ![]() This has worked fine for years, in both Safari and our iOS product, all the way through iOS 10. ![]() On our internal network, we use a self-signed CA certificate. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |