CFNetwork SSLHandshake failed (-9805) about swifthttp HOT 11 CLOSED

Fairly generic error, but I do know SwiftHTTP works fine with HTTPS. Is the connection a self signed SSL certificate? I might try adding the self signed SSL code from the README.

https://github.com/daltoniam/SwiftHTTP#authentication

Also if you are testing with the iOS Simulator try restarting it. I have seen weird network related issues with the simulator that require it to be restarted.

from swifthttp.

@daltoniam It's not self-signed, it's issued by COMODO. I've tried restarting the sim but the same issue persists. Is there no way to bypass SSL or enforce TLS1.0 or SSL3.0 ?

from swifthttp.

@theblixguy ran across a similar issue with an API I built using a valid COMODO cert. The iOS app was using AFNetworking, but for some strange reason AFNetworking thought it was invalid. I haven't had a chance to track it down, but setting AFNetworking securityPolicy.allowInvalidCertificates to true got it working. Here is my theory thus far. SwiftHTTP, like AFNetworking uses NSURLSession under the hood. When NSURLSession gets a challenge (say SSL in this case) it invokes this delegate method:

URLSession(session: NSURLSession, task: NSURLSessionTask, didReceiveChallenge challenge: NSURLAuthenticationChallenge, completionHandler: (NSURLSessionAuthChallengeDisposition, NSURLCredential!) -> Void)

In SwiftHTTP, if the authentication is not set it will just use the default handling, which in this case is failing. In AFNetworking case, if the challenge is a NSURLAuthenticationMethodServerTrust (SSL) it will run logic that ultimately boils down to using the Apple API SecTrustEvaluate to check the trust of the certificate that we received in the challenge. My guess is that SecTrustEvaluate does not like the trust in the COMODO cert and is failing. So as @daltoniam stated above I would try and see if you can allow that connection by allowing "self-signed" certs, or maybe track down the SecTrustEvaluate and see what it returns for your cert.

from swifthttp.

@acmacalister I tried using the self-signed method, but I still get

2015-01-06 15:30:46.421 PIPiOS[956:20640] CFNetwork SSLHandshake failed (-9805) 2015-01-06 15:30:46.422 PIPiOS[956:20640] NSURLConnection/CFURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9805)

I'm not sure how to use SecTrustEvaluate or something else since I'm just a beginner

from swifthttp.

@theblixguy interesting. Do you have any example code or domain in we can use to reproduce this?

from swifthttp.

@daltoniam Yes,

let randomUUID:String = NSUUID().UUIDString.stringByReplacingOccurrencesOfString("-", withString: "", options: NSStringCompareOptions.LiteralSearch, range: nil).lowercaseString
let username = usernameTextField.text
let password:String = passwordTextField.text
let parameters = ["succ": "wprin_menu.personal_page",
            "server":"4", "pid":randomUUID, "user":username, "password":password,
            "action":"OK"]

var request = HTTPTask()
        var attempted = false
        request.auth = {(challenge: NSURLAuthenticationChallenge) in
            if !attempted {
                attempted = true
                return NSURLCredential(forTrust: challenge.protectionSpace.serverTrust)
            }
            return nil
        }
        request.POST("https://kmis.brookes.ac.uk/csms/w_secure.login", parameters: parameters, success: {(response: HTTPResponse) in

            var alert = UIAlertController(title: "Success", message: "Login success", preferredStyle: UIAlertControllerStyle.Alert)
            alert.addAction(UIAlertAction(title: "Okay", style: UIAlertActionStyle.Default, handler: nil))
            self.presentViewController(alert, animated: true, completion: nil)

            },failure: {(error: NSError, response: HTTPResponse?) in

                var alert = UIAlertController(title: "Failure", message: "Login failure", preferredStyle: UIAlertControllerStyle.Alert)
                alert.addAction(UIAlertAction(title: "Okay", style: UIAlertActionStyle.Default, handler: nil))
                self.presentViewController(alert, animated: true, completion: nil)

        })

from swifthttp.

Sweet, that helps a lot, thanks.I am getting the same error. The underlining error return is kCFErrorDomainCFNetwork error -1200, which means the SSL connection failed for an unknown reason. My only guess is that might be because it is getting a 404 for the resource requested:

Is this the expected behavior?

from swifthttp.

No, the URL is correct. If the login fails it redirects you to a Login failed page. Here's the equivalent Java code that I'm using for POSTing and it works fine:

public boolean LoginToPIP(String username, String password) {
        boolean status = false;
        httpClient = new DefaultHttpClient();
        String responseBody;
        httpPost = new HttpPost("https://kmis.brookes.ac.uk/csms/w_secure.login");
        List<NameValuePair> loginRequestPair = new ArrayList<NameValuePair>(6);
        loginRequestPair.add(new BasicNameValuePair("succ", "wprin_menu.personal_page"));
        loginRequestPair.add(new BasicNameValuePair("server", "4"));
        loginRequestPair.add(new BasicNameValuePair("pid", UUID.randomUUID().toString().replaceAll("-", "")));
        loginRequestPair.add(new BasicNameValuePair("user", username));
        loginRequestPair.add(new BasicNameValuePair("password", password));
        loginRequestPair.add(new BasicNameValuePair("action", "OK"));

        try {
            httpPost.setEntity(new UrlEncodedFormEntity(loginRequestPair));
        } catch (UnsupportedEncodingException e) {
            e.printStackTrace();
        }

        try {
            HttpResponse response = httpClient.execute(httpPost);
            responseBody = EntityUtils.toString(response.getEntity());
            if (!responseBody.contains("Login Failed")) {
                status = true;
                doc = Jsoup.parse(responseBody);
            }

        } catch (ClientProtocolException cpe) {
            // Ignore
        } catch (IOException ioe) {
            // Ignore
        }
        return status;
    }

from swifthttp.

Okay, made a small mistake. In my Swift code, in parameters, it should be "action":"OK" instead of "result":"OK" but it doesn't fix the issue

2015-01-06 22:42:39.525 PIPiOS[3856:207357] CFNetwork SSLHandshake failed (-9805) 2015-01-06 22:42:39.526 PIOiOS[3856:207357] NSURLConnection/CFURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9805)

I tried logging directly, like

https://kmis.brookes.ac.uk/csms/w_secure.login?succ=wprin_menu.personal_page&server=4&pid=c3aa955f961a4db8b6ba4880890f00a2&user=myusername&password=mypassword&action=OK and it worked, so yeah, the URL is correct.

from swifthttp.

hmmm interesting. Seems like it might be a bug in the SSL handling of NSURLSession. Not sure why it wouldn't like your SSL cert. I might recommend trying the code on real device. Also for the sake of testing, might want to try using a raw NSURLSession. I would wager the same error will come back.

from swifthttp.

I think we have narrowed this down to an environment issue or a bug in NSURLSession. I would recommend doing a simple NSURLSession example to reproduce the issue and open a bug on the apple radar.

from swifthttp.