Starscream
Starscream copied to clipboard
daltoniam
websocket connect error code:9807
iOS:11.0.1
when i connect to wss://dev.dev.cn
// don't validate SSL certificates
let pinner = FoundationSecurity(allowSelfSigned: true)
webSocket = WebSocket(request: socketRequest(), certPinner: pinner)
This will not connect to server.
Console output:
2020-05-18 17:46:46.749522+0800 NYCloud[96908:4535363] CFNetwork SSLHandshake failed (-9807)
2020-05-18 17:46:46.749622+0800 NYCloud[96908:4535363] TCP Conn 0x604000360540 SSLHandshake failed (-9807)
2020-05-18 17:46:46.749801+0800 NYCloud[96908:4535372] SocketStream write error [0x604000360540]: 3 -9807
2020-05-18 17:46:46.750 [WebSocketManager.swift didReceive(event:client:) [Line 496]] Websocket Failed With Error = Optional(Error Domain=NSOSStatusErrorDomain Code=-9807 "(null)" UserInfo={_kCFStreamErrorCodeKey=-9807, _kCFStreamErrorDomainKey=3})
2020-05-18 17:46:46.750 [AppDelegate.swift initRootViewController() [Line 162]] websocket: error = Error Domain=NSOSStatusErrorDomain Code=-9807 "(null)" UserInfo={_kCFStreamErrorCodeKey=-9807, _kCFStreamErrorDomainKey=3}
2020-05-18 17:46:46.751 [WebSocketManager.swift didReceive(event:client:) [Line 496]] Websocket Failed With Error = Optional(Error Domain=NSOSStatusErrorDomain Code=-9807 "(null)" UserInfo={_kCFStreamErrorCodeKey=-9807, _kCFStreamErrorDomainKey=3})
2020-05-18 17:46:46.751 [AppDelegate.swift initRootViewController() [Line 162]] websocket: error = Error Domain=NSOSStatusErrorDomain Code=-9807 "(null)" UserInfo={_kCFStreamErrorCodeKey=-9807, _kCFStreamErrorDomainKey=3}
same issue on ios 11 2020-05-26 11:12:54.804761+0300 Telenet[397:65811] CFNetwork SSLHandshake failed (-9807) 2020-05-26 11:12:54.804926+0300 Telenet[397:65811] TCP Conn 0x1c416cd80 SSLHandshake failed (-9807) 2020-05-26 11:12:54.806815+0300 Telenet[397:65811] SocketStream write error [0x1c416cd80]: 3 -9807 but i need support ios 11
As far as I can tell, it has something to do with trying to obtain the trust before it's set. It's similar to this old stack overflow post: https://stackoverflow.com/questions/38761837/ios-ssl-connection-in-swift#answer-39422996:~:text=%2F%2F%20If%20you%20try%20and%20obtain,that%20the%20oject%20is%20always%20nil!
I haven't been able to find a solution yet. The stream event "hasSpaceAvailable" never gets triggered.
I fix this by change FoundationTransport.swift :
if isTLS {
let key = CFStreamPropertyKey(rawValue: kCFStreamPropertySocketSecurityLevel)
CFReadStreamSetProperty(inStream, key, kCFStreamSocketSecurityLevelNegotiatedSSL)
CFWriteStreamSetProperty(outStream, key, kCFStreamSocketSecurityLevelNegotiatedSSL)
// my code
let dict = [
kCFStreamSSLValidatesCertificateChain: kCFBooleanFalse as Any, // allow self-signed certificate
] as CFDictionary
let key2 = CFStreamPropertyKey(rawValue: kCFStreamPropertySSLSettings)
CFReadStreamSetProperty(self.inputStream, key2, dict)
CFWriteStreamSetProperty(self.outputStream, key2, dict)
// my code end
}
I fixed this with something similar to @chinabrant, however I don't use self-signed certs. I use cert-pinning in client app.
if isTLS {
inStream.setProperty(StreamSocketSecurityLevel.negotiatedSSL, forKey: Stream.PropertyKey.socketSecurityLevelKey)
outStream.setProperty(StreamSocketSecurityLevel.negotiatedSSL, forKey: Stream.PropertyKey.socketSecurityLevelKey)
let sslSettings = [NSString(format: kCFStreamSSLValidatesCertificateChain): kCFBooleanFalse] as [NSString : CFBoolean]
inStream.setProperty(sslSettings, forKey: kCFStreamPropertySSLSettings as Stream.PropertyKey)
outStream.setProperty(sslSettings, forKey: kCFStreamPropertySSLSettings as Stream.PropertyKey)
}
...
and by changing the .openCompleted case in stream() to .hasSpaceAvailable:
--- case .openCompleted:
--- if aStream == inputStream {
+++ case .hasSpaceAvailable:
+++ if !isOpen {