Hi,
I am working on OSRAM Lightlify integration and want to speak to their Pro-Gateway. But whatever I try I got security issues with the ATS as you can see in the below response:
“https://192.168.178.43:8443/session
2016-05-17 18:05:31.170 VCommander_debug[10781:1137316] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813)
Error Domain=NSURLErrorDomain Code=-1202 “The certificate for this server is invalid. You might be connecting to a server that is pretending to be “192.168.178.43” which could put your confidential information at risk.” UserInfo={NSURLErrorFailingURLPeerTrustErrorKey=<SecTrust 0x105fc9e60 [0x7fff7320f440]>, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9813, NSErrorPeerCertificateChainKey=(
”<SecCertificate 0x105fc9360 [0x7fff7320f440]>"
), NSUnderlyingError=0x60800004c000 {Error Domain=kCFErrorDomainCFNetwork Code=-1202 “The certificate for this server is invalid. You might be connecting to a server that is pretending to be “192.168.178.43” which could put your confidential information at risk.” UserInfo={NSErrorFailingURLStringKey=https://192.168.178.43:8443/session, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFNetworkCFStreamSSLErrorOriginalValue=-9813, kCFStreamPropertySSLPeerCertificates=(
"<SecCertificate 0x105fc9360 [0x7fff7320f440]>"
), _kCFStreamPropertySSLClientCertificateState=0, kCFStreamPropertySSLPeerTrust=<SecTrust 0x105fc9e60 [0x7fff7320f440]>, NSLocalizedDescription=The certificate for this server is invalid. You might be connecting to a server that is pretending to be “192.168.178.43” which could put your confidential information at risk., _kCFStreamErrorDomainKey=3, NSErrorFailingURLKey=https://192.168.178.43:8443/session, _kCFStreamErrorCodeKey=-9813}}, NSLocalizedDescription=The certificate for this server is invalid. You might be connecting to a server that is pretending to be “192.168.178.43” which could put your confidential information at risk., NSErrorFailingURLKey=https://192.168.178.43:8443/session, NSErrorFailingURLStringKey=https://192.168.178.43:8443/session, NSErrorClientCertificateStateKey=0}"
The strange thing is that if I use CocoaRestClient to send the REST statements eg. post, get, then it works fine. I checked the CocoaRestClient pList and added the same key to temporally allow HTTPs requests w/o certificate but it has no effect. That is the key i put:
NSAppTransportSecurity
NSAllowsArbitraryLoads
Any idea what I could check or do to get around this? I know bypassing ATS is a bad idea in general but this is for dev purpose only and I am working in a local closed network.
Any hint is much appreciated!
Joerg