Titanium JIRA Archive
Titanium SDK/CLI (TIMOB)

[TIMOB-7039] iOS: Network - HTTPClient over SSL generates ASIHTTPRequestErrorDomain error

GitHub Issuen/a
TypeBug
PriorityCritical
StatusClosed
ResolutionInvalid
Resolution Date2012-02-09T23:53:24.000+0000
Affected Version/sRelease 1.8.0.1
Fix Version/sn/a
ComponentsiOS
Labelsn/a
ReporterGerry High
AssigneeStephen Tramer
Created2011-12-15T21:03:49.000+0000
Updated2012-02-09T23:53:24.000+0000

Description

Comments

  1. Gerry High 2011-12-15

    Fix is in this article: http://stackoverflow.com/questions/7792949/ios-5-https-asihttprequest-stop-working In our setup the problem was fixed by inserting [sslProperties setObject:(NSString *)kCFStreamSocketSecurityLevelSSLv3 forKey:(NSString *)kCFStreamSSLLevel]; just above CFReadStreamSetProperty((CFReadStreamRef)[self readStream], kCFStreamPropertySSLSettings, sslProperties);
  2. Paul Dowsett 2011-12-19

    Thank you for raising this ticket. If you are able to provide all the information described in the [JIRA Ticket Checklist](http://wiki.appcelerator.org/display/guides/How+to+Submit+a+Bug+Report#HowtoSubmitaBugReport-JIRATicketChecklist) guidelines, *in the correct fields and using the right format*, I will be able to escalate it to the core team. Please click *edit* to amend the body of the ticket, rather than adding a comment. Remember to include a test case. I will mark this resolved for now. Please reopen when the ticket is complete. Thanks in advance.
  3. Paul Dowsett 2011-12-20

    Gerry, thank you for updating the ticket. Would you mind sending the test case to community [at] appcelerator.com? You can mark it "Not to be shared publicly", if it is private. Kind regards
  4. Gerry High 2011-12-22

    I provided a URL to test via email. This is still marked as resolved. Can you comment as to whether you have the information you need to repro? Thanks.
  5. Paul Dowsett 2011-12-22

    I am very sorry, Gerry, but I did not receive the email :/ Would you check the address and send again? There should be a button at the top of this ticket to reopen it. Cheers
  6. Gerry High 2011-12-22

    I resent it to community@appcelerator.com and jira@appcelerator.com. I guess I'm blind but don't see a button at the top of this ticket to reopen it.
  7. Gerry High 2011-12-27

    Paul--can you comment on how I'm supposed to re-open this ticket? Gerry
  8. Gerry High 2012-01-04

    Just following up as I haven't gotten a response since 12/22.
  9. Paul Dowsett 2012-01-04

    Gerry, would you please resend the email. We have not received it. Thank you
  10. Gerry High 2012-01-08

    Paul--I've resent it multiple times. Are you certain you have not gotten it? Thanks.
  11. Paul Dowsett 2012-01-08

    Gerry, I can't find it. Send it again, today, and let me know when you have done so. I will check as soon as I see your comment. Thank you
  12. Stephen Tramer 2012-01-09

    We already offer TLS versioning on clients in iOS. Please see this document: http://developer.appcelerator.com/apidoc/mobile/latest/Titanium.Network.HTTPClient.tlsVersion-property.html This ticket will be closed as WON'T FIX once it is confirmed that this feature solves the issue.
  13. Gerry High 2012-01-09

    Yeah, I tried that but it makes no difference. It fails the same way. And if you look at the code in ASIHTTPRequest.m this is what I see: With tlsVersion set to 1.2 you get this line of code executed: [sslProperties setObject:sslVersion forKey:(NSString*)kCFStreamSSLLevel]; where sslVersion becomes: "kCFStreamSocketSecurityLevelTLSv1_2SSLv3" versus this line which I had to add to make it work: [sslProperties setObject:(NSString *)kCFStreamSocketSecurityLevelSSLv3 forKey:(NSString *)kCFStreamSSLLevel]; I'm not sure how iOS is handling the difference between the 2 strings but can tell you that the first string does not work with my SSL service.
  14. Mauro Parra-Miranda 2012-01-11

    Hello, the customer's mobilesdk was tainted. He downloaded the sdk again, and everything worked just fine. Closing. Mauro
  15. Mauro Parra-Miranda 2012-01-11

    Fixed. Customer's mobilesdk was corrupted. He downloaded it again and everything worked as expected.
  16. Gerry High 2012-01-11

    Huh? I think you are mistaken with someone else? I never indicated that my sdk was corrupted. Was there someone else you are thinking of?
  17. Stephen Tramer 2012-01-11

    This may need to be reopened so that we can support legacy servers (or protocols?) which don't even support TLS 1.0 and only accept SSLv3.
  18. Neeraj Gupta 2012-01-12

    Reopening this bug based on Gerry's last comment.
  19. Stephen Tramer 2012-01-18

    Gerry - I don't know if you provided us with the sample code, but tlsVersion Ti.Network.TLS_VERSION_1_0 works with the REST request in that. Again, see the documentation I referenced earlier. There is a description of when you need to manually set a lower TLS version than 1.2, and you are required to test these values before submitting a bug regarding SSL connectivity over Ti.Network.HTTPClient. If setting a tlsVersion lower than 1.2 resolves your issue please inform us so that we can close this bug as INVALID.
  20. Gerry High 2012-01-19

    Stephen-you are correct in that it does work with the 1.0 setting so just mark this as working. Thanks-Gerry
  21. Thomas Huelbert 2012-01-23

    closing based on Gerry and Steven comments.

JSON Source