I'm using AFNetworking to access an HTTPS website.
AFHTTPRequestOperationManager *manager = [AFHTTPRequestOperationManager manager];
// We modify AFSecurityPolicy to allow invalid certificate only for beecloud.cn
manager.securityPolicy.allowInvalidCertificates = YES;
[manager GET:@"https://url" parameters:nil success:^(AFHTTPRequestOperation *operation, id responseObject) {
    NSLog(@"JSON: %@", responseObject);
} failure:^(AFHTTPRequestOperation *operation, NSError *error) {
    NSLog(@"Error: %@", error);
}];
But I got the following errors:
2014-03-06 00:46:13.311 xctest[61972:1b27] CFNetwork SSLHandshake failed (-9806)
2014-03-06 00:46:13.371 xctest[61972:1b27] CFNetwork SSLHandshake failed (-9806)
2014-03-06 00:46:13.456 xctest[61972:1b27] CFNetwork SSLHandshake failed (-9806)
2014-03-06 00:46:13.458 xctest[61972:1b27] NSURLConnection/CFURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9806)
2014-03-06 00:46:13.461 xctest[61972:303] Error: Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo=0x102a2aa50 {NSUnderlyingError=0x10c0dd710 "An SSL error has occurred and a secure connection to the server cannot be made.", NSErrorFailingURLStringKey=, NSErrorFailingURLKey=, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made.}
It turns out that on our server side, we were generating a self-signed certificate using keys generated with the default DSA algorithm. Somehow iOS has trouble dealing with DSA keys for SSL. After changing it to RSA using the following command, the problem is gone:
keytool -genkey -keyalg RSA -alias server -keystore real_serverKeys
Problem is gone!
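The code in the post sets allowInvalidCertificates on the manager's default policy, which accepts any certificate from any host rather than only the one server. The following is an added example, not part of the original post, that pins the server's self-signed RSA certificate instead. It assumes AFNetworking 2.x (with a release that has validatesDomainName), and the bundled file name server.cer and the helper name PinnedManager are hypothetical.

```objc
#import <Foundation/Foundation.h>
#import "AFNetworking.h"

// Added example, not from the original post. Assumes AFNetworking 2.x.
// Assumption: the self-signed certificate was exported from the keystore in
// DER form, e.g.
//   keytool -exportcert -alias server -keystore real_serverKeys -file server.cer
// and added to the app bundle as "server.cer" (hypothetical file name).
static AFHTTPRequestOperationManager *PinnedManager(void) {
    NSString *path = [[NSBundle mainBundle] pathForResource:@"server" ofType:@"cer"];
    NSData *pinnedCert = (path != nil) ? [NSData dataWithContentsOfFile:path] : nil;
    if (pinnedCert == nil) {
        // Fail closed: without the pinned certificate there is nothing to
        // compare against, so do not fall back to "accept anything".
        NSLog(@"Pinned certificate missing from bundle; refusing to build manager");
        return nil;
    }

    // Certificate pinning: the certificate presented by the server must match
    // the bundled certificate.
    AFSecurityPolicy *policy =
        [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeCertificate];
    policy.pinnedCertificates = @[pinnedCert];   // NSArray in 2.x (NSSet in 3.x)

    // A self-signed certificate does not chain to a system root, so the system
    // trust evaluation is relaxed, but only in combination with the pin above.
    policy.allowInvalidCertificates = YES;

    // Keep hostname checking on (property available in later 2.x releases).
    policy.validatesDomainName = YES;

    AFHTTPRequestOperationManager *manager = [AFHTTPRequestOperationManager manager];
    manager.securityPolicy = policy;
    return manager;
}

// Usage, with the same placeholder URL as in the post.
static void FetchWithPinnedPolicy(void) {
    AFHTTPRequestOperationManager *manager = PinnedManager();
    [manager GET:@"https://url" parameters:nil
         success:^(AFHTTPRequestOperation *operation, id responseObject) {
             NSLog(@"JSON: %@", responseObject);
         } failure:^(AFHTTPRequestOperation *operation, NSError *error) {
             // A pin mismatch or a handshake failure both end up here.
             NSLog(@"Error: %@", error);
         }];
}
```

If the server key is regenerated, as in the DSA-to-RSA change above, the exported certificate has to be re-bundled or the pin will no longer match.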