Problems with SSL Pinning and AFNetworking 2.5.0 (NSURLErrorDomain error -1012.)
After reading through the AFNetworking code & and checking the change logs, here's what I had to do to get this working.
Create your AFSecurityPolicy object with AFSSLPinningModeCertificate:
AFSecurityPolicy* policy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeCertificate];
By default, AFNetworking will validate the domain name of the certificate. Our certificates are generated on a per-server basis, and not all of them will have a domain name, so we need to disable that:
[policy setValidatesDomainName:NO];
Since the certificates are self-signed, they are technically 'invalid', so we need to allow that as well:
[policy setAllowInvalidCertificates:YES];
Lastly, AFNetworking will attempt to validate the certificate all the way up the certificate chain, which to me seems like it would only go up the chain to OUR CA, but for whatever reason it doesn't, so we have to disable that too:
[policy setValidatesCertificateChain:NO];
And that's it! Set the security policy in your request manager like you're already doing and it should work fine.
So, recap, all you really need to change in the code you posted is this:
A) As David Caunt mentioned, change your pinning mode from AFSSLPinningModeNone
to AFSSLPinningModeCertificate
and
B) Add the line to disable validating the domain name: [policy setValidatesDomainName:NO]
Another note, AFNetworking now automatically checks your bundle for .cer files, so if you were to rename your certificate to have a .cer extension, you can eliminate the code to get the certificate data out of the bundle and set the pinned certificates.
Error 1012 when using SSL in AFNetworking 2.0
Well, apparently you should also add your intermediate certificate and root certificate to the app bundle. Afer I did that, it started to work!
NSURLErrorDomain Code=-1012 with Reverse Proxy
Problem solved.
Don't implement this delegate for NSURLSession..
-(void)URLSession:(NSURLSession *)session didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition, NSURLCredential * _Nullable))completionHandler
.. just implement this delegate for NSURLSessionTask.
-(void)URLSession:(NSURLSession *)session task:(NSURLSessionTask *)task didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition, NSURLCredential * _Nullable))completionHandler
This solved my problem
AFNetworking 2.0 valid certificate, still no connection (error 1012)
Yes, got it!
First I checked the status of my ssl-server at: http://www.sslshopper.com/ssl-checker.html
Then I saw that there was something wrong. The certificate was not trusted by all major web browsers.. So, I had to add the CA-bundle on my server en then tada! All tests passed.
I checked directly my connection with the app and yes, it worked immediately :)
Maybe some of you guys have the same situation, and this could be your answer :) Good luck!
Cheers, Joey
Related Topics
Disable the Uitableview Highlighting But Allow the Selection of Individual Cells
How Does Uiedgeinsetsmake Work
Cannot Install Cocoapods - No Podfile Found in the Project Directory
Any Way to Print in Color with Nslog
Uiimagepickercontroller Camera View Rotating Strangely on iOS 8 (Pictures)
Uiactivityviewcontroller - Email and Twitter Sharing
How to Implement "Drag Right to Dismiss" a View Controller That's in a Navigation Stack
How to Find a Specification in Cocoapods
Ios: Change the Height of Uisegmentedcontrol
Improper Advertising Identifier [Idfa] Usage
How to Detect the Colour of an iPhone 5C
Cocoapods: Unable to Find a Specification for [Privatespec] Depended Upon by [Privateclientspec]
How to Convert Text to Image on iOS
Draw iOS 7-Style Squircle Programmatically
How to Use Multi-Path Update with the Rest API in Firebase? Error 400