NSURLSession/NSURLConnection HTTP加载失败(kCFStreamErrorDomainSSL,-9813)错误不是在所有iPhone上都存在吗? [英] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813) error not on all iPhones?
问题描述
我的一个应用程序无法连接到其API服务器.记录的原因是NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813).到目前为止,找不到运气是什么还是什么,但最令人沮丧的是,这个问题出现在我的一些测试设备上.另一方面,一切都很好.我正在使用NSURLConnection:sendSynchronousRequest:returningResponse:error:,但是经过一些重构并尝试使用NSURLSessionDataTask:dataTaskWithRequest:completionHandler:后,仍然会出现问题.
还添加了
one of my apps cannot connect to it's API server. The logged reason is NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813). So far no luck on finding why or what, but the most frustrating thing is, that this problem appears on some of my test devices. On other everything is fine. I am using NSURLConnection:sendSynchronousRequest:returningResponse:error:, but after some refactoring and trying with NSURLSessionDataTask:dataTaskWithRequest:completionHandler:, the problem still occurs.
Also added
- (void)URLSession:(NSURLSession *)session task:(NSURLSessionTask *)task didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition disposition, NSURLCredential *credential))completionHandler
{
completionHandler(NSURLSessionAuthChallengeUseCredential, [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust]);
}
仍然没有.....
p.s.尽管我的第一个问题是很多其他问题的重复,但我主要担心的是为什么这个错误仅出现在我的一个测试设备上(在设置"->常规"->重置"后也可以正常工作,但是如何告诉苹果请重置您的测试设备"?).另一个工作正常.
p.s. even though my first problem is duplicate of many others, my main concern is why this error appears only on ONE of my testing devices (after Settings -> General -> Reset it works fine too, but how to tell Apple "please, reset your testing device"?). The other work perfectly fine.
推荐答案
错误-9813是errSSLNoRootCert.这意味着服务器提供的证书链没有到达受信任的根(锚)证书,通常是由于链中缺少证书引起的.
Error -9813 is errSSLNoRootCert. This means that the certificate chain provided by the server does not reach a trusted root (anchor) cert, and is usually caused by missing certificates in the chain.
一台设备与另一台设备之所以不同的原因可能是因为某些设备能够成功获取丢失的证书(OCSP?),因为某些设备具有由于其他原因而在其他设备上不存在的其他受信任的锚证书. ,或者因为该链中的某些证书是使用密钥签名算法签名的,该算法在iOS 9上不再被接受,因此将被忽略.
The reason for the difference from one device to another could be because some devices were able to successfully fetch the missing certificates (OCSP?), because some devices have additional trusted anchor certs that are not present on the other devices for whatever reason, or because some of the certificates in the chain are signed using a key signing algorithm that is no longer accepted on iOS 9 and thus are being ignored.
我建议您与TLS证书供应商联系,以获得TLS链文件的新副本,更新服务器上的链文件,重新启动服务器,然后查看问题是否消失.
I would suggest that you contact your TLS certificate vendor and get a new copy of the TLS chain file, update the chain file on the server, restart the server, and see if the problem goes away.
如果这没有帮助,请使用我们可以测试的URL以及针对相关主机运行openssl s_client -connect yourhostname:443的结果来编辑您的问题.
If that doesn't help, please edit your question with a URL that we can test, along with the results of running openssl s_client -connect yourhostname:443 against the host in question.
更多提示在这里:
- iOS HTTPS requests 101
- https://developer.apple.com/library/ios/technotes/tn2232/_index.html
这篇关于NSURLSession/NSURLConnection HTTP加载失败(kCFStreamErrorDomainSSL,-9813)错误不是在所有iPhone上都存在吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
