Faiz Mokhtar Faiz Mokhtar - 1 year ago 163
Swift Question

Bypassing App Transport Security to allow unsecured HTTP server


I have to connect to these two different servers for development and staging use. Both of the servers have unstrusted SSL certificates.
For example purposes, these two servers URL's are:

Staging server:

Development server:

Whenever I tried to call the API, i get empty response with following error:

NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9802)

or sometimes,

NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813)

I use Moya for my network layers, which is basically just a nice wrapper for Alamofire. For additional info, I use
XCode 7.3
and the app only supports
> iOS 9

What I've did:

I am very well aware of App Transport Security issue that Apple want to enforce. I wanted to disable it for development but still in vain. Some of the ways I tried to bypass the ATS it are as the following:

  1. Add the following in my
    to allow arbitrary loads.


  2. Explicitly defines the domain exceptions.


Here's the screenshot for my
enter image description here

  1. I also tried to disable the Server Trust Policy of Alamofire manager shared instance. Here's the example code:

    // Disable Policies
    let policies: [String: ServerTrustPolicy] = [
    "https://example.entrydns.org:1012/": .DisableEvaluation,
    "": .DisableEvaluation

    let manager = Manager(
    configuration: NSURLSessionConfiguration.defaultSessionConfiguration(),
    serverTrustPolicyManager: ServerTrustPolicyManager(policies: policies)
    // ---------------
    let networkLogger = NetworkLoggerPlugin(verbose: true, responseDataFormatter: nil)

    let endpointClosure = { (target: ExampleAPI) -> Endpoint<ExampleAPI> in
    let url = target.baseURL.URLByAppendingPathComponent(target.path).absoluteString
    let endpoint: Endpoint<ExampleAPI> = Endpoint<ExampleAPI>
    (URL: url,
    sampleResponseClosure: {.NetworkResponse(200, target.sampleData)},
    method: target.method,
    parameters: target.parameters,
    parameterEncoding: .URLEncodedInURL)
    return endpoint.endpointByAddingHTTPHeaderFields(target.header())

    let ExampleProvider = MoyaProvider<ExampleAPI>(manager: manager,
    endpointClosure: endpointClosure)

  2. Open the URLs and download the certs on my device and simulators.

Even after all the steps above I still got the same error. Any takes on what I did wrong and what I can do to solve this problem? BTW, it would be great if I can avoid server-side solution.

Thanks in advance.


Answer Source

Define your policies with just the hostname.

// Disable Policies
let policies: [String: ServerTrustPolicy] = [
    "example.entrydns.org": .DisableEvaluation
Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download