|
|
Post by Super Admin on Dec 4, 2016 1:13:26 GMT
|
|
|
|
Post by Zeeshan Pathan on Dec 30, 2016 4:33:42 GMT
I had posted an Issue on GitHub github.com/tauplatform/tau/issues/6Here are some further clarifications on the same I'm using the Rhodes Open source Version. I tried connecting using iOS 9 and iOS 10. Same code for encountering this issue result = Rho::AsyncHttp.post(:url=>url, :headers=>{"Content-type" => "application/json"},:body=>data,:ssl_verify_peer => true) The connection is successful if i set :ssl_verify_peer => false but that's not what I want. |
|
|
|
Post by Alex Epifanov on Dec 30, 2016 11:45:51 GMT
Thanks Zeeshan,
We will check RMS networking against badssl.com with iOS.
|
|
|
|
Post by Zeeshan Pathan on Jan 24, 2017 8:01:25 GMT
Hi,
Is there any other finding on this.
Thanks
|
|
|
|
Post by Alex Epifanov on Jan 25, 2017 4:53:12 GMT
Hi, Is there any other finding on this. Thanks Hi Zeeshan, we've checked Rho/iOS10 against badssl.com. For self-signed.badssl.com we get a handshake error when peer verification is enabled ( Unknown CA ). With disabled peer verification connection is successfull. For both cases SNI field is set correctly in helo packet. What behavior do you expect? |
|
|
|
Post by Zeeshan Pathan on Jan 26, 2017 11:35:06 GMT
badssl.com has a valid cert which is not self signed. Below are logs from my device when I try to connect to it using when peer verification is enabled. Jan 26 19:31:54 Zeeshans-iPhone rhorunner[456] <Warning>: E 01/26/2017 19:31:54:243 6e663000 Net| Operation finished with error 55: Failed sending data to the peer Jan 26 19:31:54 Zeeshans-iPhone rhorunner[456] <Warning>: E 01/26/2017 19:31:54:243 6e663000 Net| CURLNetRequest: METHOD = [POST] URL = [https://badssl.com] BODY = [] Jan 26 19:31:54 Zeeshans-iPhone networkd[91] <Error>: -[NETProxyLookup pacLookupComplete:proxies:error:] PAC evaluation error: Error Domain=kCFErrorDomainCFNetwork Code=2 "(null)" UserInfo={kCFGetAddrInfoFailureKey=8} Jan 26 19:31:55 Zeeshans-iPhone rhorunner[456] <Error>: SecTrustEvaluate [leaf AnchorTrusted] Jan 26 19:31:55 Zeeshans-iPhone rhorunner[456] <Warning>: CFNetwork SSLHandshake failed (-9807) Jan 26 19:31:55 Zeeshans-iPhone rhorunner[456] <Warning>: E 01/26/2017 19:31:55:466 6e663000 SSL| SSL send failed, unknown error Jan 26 19:31:55 Zeeshans-iPhone rhorunner[456] <Warning>: E 01/26/2017 19:31:55:467 6e663000 Net| Operation finished with error 55: Failed sending data to the peer Jan 26 19:31:55 Zeeshans-iPhone rhorunner[456] <Warning>: E 01/26/2017 19:31:55:467 6e663000 Net| CURLNetRequest: METHOD = [POST] URL = [https://badssl.com] BODY = []
|
|
|
|
Post by Zeeshan Pathan on Jan 26, 2017 11:44:16 GMT
Similar behaviour with get request
Jan 26 19:42:33 Zeeshans-iPhone rhorunner[490] <Warning>: E 01/26/2017 19:42:33:675 6e77b000 Net| Operation finished with error 55: Failed sending data to the peer
Jan 26 19:42:33 Zeeshans-iPhone rhorunner[490] <Warning>: E 01/26/2017 19:42:33:675 6e77b000 Net| CURLNetRequest: METHOD = [GET] URL = [https://badssl.com] BODY = []
Jan 26 19:42:33 Zeeshans-iPhone networkd[91] <Error>: -[NETProxyLookup pacLookupComplete:proxies:error:] PAC evaluation error: Error Domain=kCFErrorDomainCFNetwork Code=2 "(null)" UserInfo={kCFGetAddrInfoFailureKey=8}
Jan 26 19:42:34 Zeeshans-iPhone rhorunner[490] <Error>: SecTrustEvaluate [leaf AnchorTrusted]
Jan 26 19:42:34 Zeeshans-iPhone rhorunner[490] <Warning>: CFNetwork SSLHandshake failed (-9807)
Jan 26 19:42:34 Zeeshans-iPhone rhorunner[490] <Warning>: E 01/26/2017 19:42:34:920 6e77b000 SSL| SSL send failed, unknown error
|
|
|
|
Post by Alex Epifanov on Jan 26, 2017 19:23:22 GMT
you are using CURL networking as I see. Since 5.5 Rho switched to native iOS network API internally. Use following values to control networking on previous Rho versions: #ios_net_curl = 0 # default value is FALSE. from June 2016 iOS application should support ipv6. libCURL does not support it - so by default application use Apple's network framework. #If true, an old libCURL-based Net request will be used. This option can be enabled for regression testing or if custom proxy support is required. Default is FALSE. To support per-app VPN (i.e. MobileIron) this option should be set to FALSE. #ios_direct_local_requests = 1 # default value is TRUE. From June 2016 application shoudl support ipv6. So by default libCURL not used - in this case this option should be TRUE for correct work VPN etc. #If true, request to local server will be applied directly, bypassing socket intercommunication, no network requests are involved. If false, a legacy client-server intercommunication will be made for local requests. Default is TRUE. To support per-app VPN (i.e. MobileIron) this option should be set to TRUE. For self-signed certificates it seems iOS rejects connections even if peer verification is disabled with rhodes API, due to Transport Security introduced in iOS9. To override TS settings required domains should be added to exception list. I've added a test application for which badssl.com is added to exceptions, you can try it: github.com/tauplatform/ios_sniSee build.yml for TS settings: github.com/tauplatform/ios_sni/blob/master/build.yml#L23 |
|
|
|
Post by priyasaini on Jul 13, 2017 5:14:34 GMT
I am trying to pull data from an SSL enabled URL but it is failing for me on Android device.
I get SSL Connect Error. Here is the code to fetch the data:
(API URL is "https://www.l3t.com/api/locations")
def sync_divisions
divisionRecord = StaticPages.find(:first,:conditions => { { :name => 'uname', :op => '=' } => "divisionApiUrl",{
:name => 'language',
:op => '='
} => Rho::RhoConfig.language,{
:name => 'is_active',
:op => '='
} => '1'})
puts "DIV RECORD::"+divisionRecord.to_s
if divisionRecord and divisionRecord.description!=""
#Sync from API
puts "Sync from API"
Rho::RhoConfig.divisionUrl = Rho::RhoSupport.url_decode(divisionRecord.description )
re = /<("[^"]*"|'[^']*'|[^'">])*>/
divURL = Rho::RhoConfig.divisionUrl
Rho::RhoConfig.divisionUrl = divURL.gsub!(re, '').strip()
puts "DIVISION URL #{Rho::RhoConfig.divisionUrl}"
puts "STARTING SYNC OF DIVS"
begin
sync_div_response = Rho::AsyncHttp.get(
:url => Rho::RhoConfig.divisionUrl,
:http_command => "POST",
:headers => {"Content-Type" => "application/json"},
:body => "",
:verifyPeerCertificate => false)
if sync_div_response["status"] == 'ok'
response_data = sync_div_response["body"]
puts "SYNC RESPOSE DATA #{response_data}"
data = Division.find(:all)
jsondata = Rho::JSON.parse(response_data)
if !data.empty?
data.each do |dt|
dt.destroy
end
end
jsondata.each do |json|
a = Division.create(json)
a.name = a.title
a.language = Rho::RhoConfig.language
a.save
end
else
puts "IMPORTANT NOTIFICATION: Error in SYNC Division API response, API response is below:"
end
rescue Exception => e
puts "Error in synching Divisions, Please check log file."
puts e.message
puts e.backtrace.inspect
end
else
puts "Seeded will be shown"
end
end
This is working fine for me on IOS. Please suggest a solution for android.
|
|
|
|
Post by priyasaini on Jul 13, 2017 6:53:07 GMT
Worked for me. Used :ssl_verify_peer => false instead of verifyPeerCertificate. Although as per the documentation, for Rhodes 5.0.38, verifyPeerCertificate should be used.
|
|
