Hello, I’m learning Obj-C, Xcode 8.3, MacOS 10.12.4, and running into trouble opening HTTPS connection to a local development server. No matter what I do I get the error “the certificate for this server is invalid”. I tried going into the project info.plist and disabling everything in ATS, still no luck.
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
<key>NSAllowsArbitraryLoadsForMedia</key>
<true/>
<key>NSAllowsArbitraryLoadsInWebContent</key>
<true/>
<key>NSAllowsLocalNetworking</key>
<true/>
</dict>I found a reference to the “nscurl” binary and every test fails. I’m trying to access the server by IP address as it is an ephemeral resource that comes up in various testing forms on DHCP. I can access the server just fine using `curl —insecure`. I suspect the hostname returned by the servers self-signed certificate is ‘localhost’ and something in the framework just won’t work with it. openssl s_client returns:
depth=0 /C=US/ST=NJ/L=City/O=Company/OU=APP/CN=localhost
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=US/ST=NJ/L=City/O=Company/OU=APP/CN=localhost
verify return:1From a few tests I’ve done (with nscurl and and otherwise) it looks like the framework will not validate the handshake when using IP addresses. If that is the case that’s bad for me as I really shouldn’t try to trick ‘localhost’ to be some arbitrary IP address.
My testing app will never be in a distributed application and the servers connected to are internal only. I’m looking for how I can go about disabling ATS completely or what else might be done to relax this constraint and allow my code to connect.