Boring SSL Handshake Failure and Error copying Identity Cred

Question

I am trying to use Self Signed certificate for my request through Alamofire.

let trustPolicy = ServerTrustPolicy.pinCertificates(certificates: [certificate], validateCertificateChain: true, validateHost: true)

  let serverTrustPolicies: [String: ServerTrustPolicy] = [ "https:-domain-name": trustPolicy,"domain-name" : .disableEvaluation] let policyManager = ServerTrustPolicyManager(policies: serverTrustPolicies) 

But I am getting following error.

CredStore - copyIdentPrefs - Error copying Identity cred. Error=-25300, query={ class = idnt; labl = " https://domain-name:443/ "; "r_Ref" = 1; }

and

[BoringSSL] boringssl_context_alert_callback_handler(3724) [C1.1:2][0x139d1bd20] Alert level: fatal, description: handshake failure 2019-01-22 15:34:23.448605+0530 DB[1276:264543] [BoringSSL] boringssl_session_errorlog(224) [C1.1:2][0x139d1bd20] [boringssl_session_handshake_incomplete] SSL_ERROR_SSL(1): operation failed within the library

2019-01-22 15:34:23.448796+0530

DB[1276:264543] [BoringSSL] boringssl_session_handshake_error_print(205) [C1.1:2][0x139d1bd20] 5266093016:error:10000410:SSL routines:OPENSSL_internal:SSLV3_ALERT_HANDSHAKE_FAILURE:/BuildRoot/Library/Caches/com.apple.xbs/Sources/boringssl/boringssl-109.230.1/ssl/tls_record.cc:586:SSL alert number 40

2019-01-22 15:34:23.448986+0530 DB[1276:264543]

[BoringSSL] boringssl_context_get_error_code(3545) [C1.1:2][0x139d1bd20] SSL_AD_HANDSHAKE_FAILURE

2019-01-22

15:34:23.464957+0530 DB[1276:264543] TIC Read Status [1:0x281599800]: 1:-9824

2019-01-22 15:34:23.467598+0530

DB[1276:264543] Task <43E199F9-B030-4BFD-B9E0-8C9F59B43E72>.<1> HTTP load failed (error code: -9824 [1:-9824])

2019-01-22

15:34:23.468019+0530 DB[1276:264574] Task <43E199F9-B030-4BFD-B9E0-8C9F59B43E72>.<1> finished with error - code: -9824 2019-01-22 15:34:23.470149+0530 DB[1276:264574] Task <43E199F9-B030-4BFD-B9E0-8C9F59B43E72>.<1> load failed with error Error Domain=NSPOSIXErrorDomain Code=-9824 "Unknown error: -9824" UserInfo={_NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <43E199F9-B030-4BFD-B9E0-8C9F59B43E72>.<1>, _kCFStreamErrorDomainKey=1, NSErrorPeerAddressKey={length = 16, capacity = 16, bytes = 0x100201bb03106e120000000000000000}, _kCFStreamErrorCodeKey=-9824, _NSURLErrorRelatedURLSessionTaskErrorKey=( "LocalDataTask <43E199F9-B030-4BFD-B9E0-8C9F59B43E72>.<1>" )} [-9824]

Have been trying this from past 1 week. Any help would be appreciated.

Answer 1

Disabling evaluation in Alamofire doesn't disable the system's base verification of certificates which blocks self-signed certificates by default. I suggest you read Apple's ATS documentation , but I'm guessing this will require some combination of NSExceptionAllowsInsecureHTTPLoads for your domain and other settings. You should also make sure not to ship those settings if you can help it.