CFNetwork SSLHandshake failed with AFNetworking 2.0, self-signed cer and [policy setAllowInvalidCertificates:YES]

Gabriel.Massana picture Gabriel.Massana · Apr 10, 2014 · Viewed 8.6k times · Source
  • I'm using AFNetworking 2.
  • I've got a self-signed Root CA certificate in my project Bundle
  • I'm allowing Invalid Certificates with: [policy setAllowInvalidCertificates:YES];
  • My url is https://

So, in theory, the self-signed certificate should be accepted.

AFSecurityPolicy

AFSecurityPolicy *policy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeNone];
[policy setAllowInvalidCertificates:YES];

AFHTTPRequestOperationManager

AFHTTPRequestOperationManager *manager = [AFHTTPRequestOperationManager manager];
[manager setResponseSerializer:[AFHTTPResponseSerializer serializer]];
[manager setRequestSerializer:[AFJSONRequestSerializer serializer]];
[manager setSecurityPolicy:policy];

[manager POST:url
   parameters:dictionary
      success:^(AFHTTPRequestOperation *operation, id responseObject) {
          // Process Response Object
          NSLog(@"JSON: %@", [responseObject description]);

} failure:^(AFHTTPRequestOperation *operation, NSError *error) {
        // Handle Error
        NSLog(@"Failure Error: %@", [error description]);
}];

So nothing is apparently wrong.

My Log:

2014-04-10 15:05:40.412 https_AF2[5548:3607] CFNetwork SSLHandshake failed (-9800)
2014-04-10 15:05:41.092 https_AF2[5548:3607] CFNetwork SSLHandshake failed (-9800)
2014-04-10 15:05:41.732 https_AF2[5548:3607] CFNetwork SSLHandshake failed (-9800)
2014-04-10 15:05:41.734 https_AF2[5548:3607] NSURLConnection/CFURLConnection HTTP load failed
(kCFStreamErrorDomainSSL, -9800)
2014-04-10 15:05:41.736 https_AF2[5548:60b] Failure Error: Error Domain=NSURLErrorDomain 
Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made."
UserInfo=0x8d6af80 
{NSErrorFailingURLStringKey=https://(myUrl)/userLogin,
NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?,
NSErrorFailingURLKey=https://(myUrl)/userLogin,
NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., 
NSUnderlyingError=0x8cb4920 "An SSL error has occurred and a secure connection to the server cannot be made."}

The only reason I can imagine is that the server is not properly configured.

Any idea to solve this problem will be great!

Answer

Gabriel.Massana picture Gabriel.Massana · Apr 11, 2014

I know what the problem is. Finally the problem isn't in the iOS code. The problem was in the url I was given.

A small change in the URL solved all the problems.

from: https://www.domain.com:8080/api/userLogin
to https://domain.com/api/userLogin

As simple as that.

I'm not deleting the question because maybe someone can have the same problem in the future.