CFNetwork SSLHandshake failed with AFNetworking 2.0, self-signed cer and [policy setAllowInvalidCertificates:YES]

ios ssl-certificate afnetworking-2 cfnetwork
Gabriel.Massana picture Gabriel.Massana · Apr 10, 2014 · Viewed 8.6k times · Source
  • I'm using AFNetworking 2.
  • I've got a self-signed Root CA certificate in my project Bundle
  • I'm allowing Invalid Certificates with: [policy setAllowInvalidCertificates:YES];
  • My url is https://

So, in theory, the self-signed certificate should be accepted.

AFSecurityPolicy

AFSecurityPolicy *policy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeNone];
[policy setAllowInvalidCertificates:YES];

AFHTTPRequestOperationManager

AFHTTPRequestOperationManager *manager = [AFHTTPRequestOperationManager manager];
[manager setResponseSerializer:[AFHTTPResponseSerializer serializer]];
[manager setRequestSerializer:[AFJSONRequestSerializer serializer]];
[manager setSecurityPolicy:policy];

[manager POST:url
   parameters:dictionary
      success:^(AFHTTPRequestOperation *operation, id responseObject) {
          // Process Response Object
          NSLog(@"JSON: %@", [responseObject description]);

} failure:^(AFHTTPRequestOperation *operation, NSError *error) {
        // Handle Error
        NSLog(@"Failure Error: %@", [error description]);
}];

So nothing is apparently wrong.

My Log:

2014-04-10 15:05:40.412 https_AF2[5548:3607] CFNetwork SSLHandshake failed (-9800)
2014-04-10 15:05:41.092 https_AF2[5548:3607] CFNetwork SSLHandshake failed (-9800)
2014-04-10 15:05:41.732 https_AF2[5548:3607] CFNetwork SSLHandshake failed (-9800)
2014-04-10 15:05:41.734 https_AF2[5548:3607] NSURLConnection/CFURLConnection HTTP load failed
(kCFStreamErrorDomainSSL, -9800)
2014-04-10 15:05:41.736 https_AF2[5548:60b] Failure Error: Error Domain=NSURLErrorDomain 
Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made."
UserInfo=0x8d6af80 
{NSErrorFailingURLStringKey=https://(myUrl)/userLogin,
NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?,
NSErrorFailingURLKey=https://(myUrl)/userLogin,
NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., 
NSUnderlyingError=0x8cb4920 "An SSL error has occurred and a secure connection to the server cannot be made."}

The only reason I can imagine is that the server is not properly configured.

Any idea to solve this problem will be great!

Answer

Gabriel.Massana picture Gabriel.Massana · Apr 11, 2014

I know what the problem is. Finally the problem isn't in the iOS code. The problem was in the url I was given.

A small change in the URL solved all the problems.

from: https://www.domain.com:8080/api/userLogin
to https://domain.com/api/userLogin

As simple as that.

I'm not deleting the question because maybe someone can have the same problem in the future.

Related questions

How to use NSURLConnection to connect with SSL for an untrusted cert?

I have the following simple code to connect to a SSL webpage NSMutableURLRequest *urlRequest=[NSMutableURLRequest requestWithURL:url]; [ NSURLConnection sendSynchronousRequest: urlRequest returningResponse: nil error: &error ]; Except it gives an error if the cert is a self signed one Error Domain=…

Read More
iOS9 getting error “an SSL error has occurred and a secure connection to the server cannot be made”

Since I upgraded my existing project with iOS 9, I keep getting the error : An SSL error has occurred and a secure connection to the server cannot be made.

Read More
This certificate has an invalid issuer Apple Push Services

I have created certificate to enable Push Services in my app, but every time I try to add certificate in my Keychain, after adding certificate it shows me following error: This certificate has an invalid issuer

Read More