I have a Windows server, with the proper SSL trust chain. On this server runs a Node.js signaling server for my VoIP app. I used to run the Node.js server on CentOS, but it was migrated to Windows not too long ago. I had disabled SSL in the app for the time being, but now that I enable it again I can't connect, with the message "CFNetwork SSLHandshake failed (-9824)".
I understand nobody can help me with finding out what's wrong, but I expected a more descriptive message from Apple. 9824 just means "handshake failed" and the device logs reveal nothing special. I added:
```objc
setenv("CFNETWORK_DIAGNOSTICS", "3", 1);
```
And checked the logs that it produced, but it only told me that the handshake failed :/ I tried adding
```objc
CFReadStreamSetProperty(readStream, kCFStreamSSLValidatesCertificateChain, kCFBooleanFalse);
CFWriteStreamSetProperty(writeStream, kCFStreamSSLValidatesCertificateChain, kCFBooleanFalse);
```
to the socket initialization to see if that allowed me to connect, but it didn't. I also added that weird Info.plist snippet to allow TLS 1.0 instead of TLS 1.2 on iOS 9, but even that didn't change anything.
So my question: How the hell do I get enough information to start debugging this mess? I get that the handshake failed, Apple, but I'd like to know WHY it failed...
Edit: sorry for bad formatting, I'm in a hurry :)
Here is my socket init code:
```objc
APP.onlineUsers = [[NSMutableArray alloc] init];
self.didOpenInputStream = NO;
self.didOpenOutputStream = NO;
self.messageQueue = [[NSMutableArray alloc] init];

CFReadStreamRef readStream;
CFWriteStreamRef writeStream;
NSInputStream* inputStream;
NSOutputStream* outputStream;

CFStreamCreatePairWithSocketToHost(NULL, (__bridge CFStringRef)serverUrl, (uint)serverPort, &readStream, &writeStream);

CFReadStreamSetProperty(readStream, kCFStreamPropertyShouldCloseNativeSocket, kCFBooleanTrue);
CFWriteStreamSetProperty(writeStream, kCFStreamPropertyShouldCloseNativeSocket, kCFBooleanTrue);
CFReadStreamSetProperty(readStream, kCFStreamSSLValidatesCertificateChain, kCFBooleanFalse); // tried without this as well
CFWriteStreamSetProperty(writeStream, kCFStreamSSLValidatesCertificateChain, kCFBooleanFalse); // tried without this as well
CFReadStreamSetProperty(readStream, kCFStreamPropertySocketSecurityLevel, kCFStreamSocketSecurityLevelSSLv3); // tried v2 as well
CFWriteStreamSetProperty(writeStream, kCFStreamPropertySocketSecurityLevel, kCFStreamSocketSecurityLevelSSLv3); // tried v2 as well

inputStream = (__bridge_transfer NSInputStream*)readStream;
outputStream = (__bridge_transfer NSOutputStream*)writeStream;
[inputStream setProperty:NSStreamNetworkServiceTypeVoIP forKey:NSStreamNetworkServiceType];
[inputStream setDelegate:self];
[outputStream setDelegate:self];

self.runLoop = [NSRunLoop currentRunLoop];
[inputStream scheduleInRunLoop:self.runLoop forMode:NSDefaultRunLoopMode];
[outputStream scheduleInRunLoop:self.runLoop forMode:NSDefaultRunLoopMode];
[inputStream open];
[outputStream open];

self.inputStream = inputStream;
self.outputStream = outputStream;
```
Most likely the problem is that your server is not "ATS compliant". ATS brings enforced security to the device starting with iOS 9 and OS X 10.11, respectively. Especially you need
If your server does not fulfill these requirements you can turn ATS off for this server as described here.
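One way to see what the server actually negotiates, which error -9824 does not report, is to probe it from a workstation with Node.js and compare the result with the ATS baseline. This is an added example, not code from the question or the answer; `atsProblems` and `probe` are hypothetical names, and the thresholds (TLS 1.2, ECDHE forward secrecy, RSA 2048 / ECC 256 bit keys) are assumed from Apple's ATS documentation because the answer's list did not survive on this page. The certificate's signature hash is not checked.

```javascript
// Added example: judge negotiated TLS parameters against the assumed ATS baseline.
const VERSION_RANK = { 'SSLv3': 0, 'TLSv1': 1, 'TLSv1.1': 2, 'TLSv1.2': 3, 'TLSv1.3': 4 };

// Pure check over handshake facts; returns a list of readable problems.
function atsProblems({ protocol, cipher, keyType, keyBits }) {
  const problems = [];
  const rank = VERSION_RANK[protocol];
  if (rank === undefined) problems.push(`unknown protocol ${protocol}`);
  else if (rank < VERSION_RANK['TLSv1.2']) problems.push(`${protocol} is below TLS 1.2`);
  // TLS 1.3 suites (TLS_*) always use ephemeral keys; older versions need ECDHE.
  const forwardSecret = /^ECDHE-/.test(cipher) || /^TLS_(AES|CHACHA20)_/.test(cipher);
  if (!forwardSecret) problems.push(`cipher ${cipher} lacks ECDHE forward secrecy`);
  const minBits = keyType === 'EC' ? 256 : 2048;
  if (!(keyBits >= minBits)) problems.push(`${keyType} key of ${keyBits} bits is below ${minBits}`);
  return problems;
}

// Collect the same facts from a server you operate. Chain validation is relaxed
// only so the parameters can be read even when the chain itself is the fault;
// the validation result is still reported as chainError.
function probe(host, port) {
  const tls = require('node:tls'); // loaded here so atsProblems has no dependencies
  return new Promise((resolve, reject) => {
    const socket = tls.connect({ host, port, servername: host, rejectUnauthorized: false }, () => {
      const cert = socket.getPeerCertificate();
      const facts = {
        protocol: socket.getProtocol(),          // e.g. 'TLSv1.2'
        cipher: socket.getCipher().name,         // OpenSSL-style suite name
        keyType: cert.asn1Curve ? 'EC' : 'RSA',  // asn1Curve is only set for EC keys
        keyBits: cert.bits,
      };
      const chainError = socket.authorizationError || null;
      socket.end();
      resolve({ facts, problems: atsProblems(facts), chainError });
    });
    socket.on('error', reject); // handshake refused, e.g. no shared version or cipher
  });
}

// Usage (host and port are placeholders):
// probe('signaling.example.com', 443).then(console.log, console.error);
```

A rejected promise from `probe` carries the Node.js error code for the failed handshake, which narrows the cause further than the client-side -9824.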