On iOS 8 and earlier it was possible to install a custom SSL root certificate on iOS, which would allow Safari and apps to trust that certificate for the signing of secure resources accessed via HTTPS / SSL / TLS etc.
On iOS 9 it is still possible to install a custom SSL root certificate, and Safari will trust it for accessing websites. However in apps compiled for iOS 9, ATS appears to reject the certificate, in spite of Safari on the same device trusting it.
Are apps using their own trust store now?
I am trying to use the app with Charles Proxy, so perhaps there's a different issue occuring. Disabling ATS makes it work. Adding exceptions on the TLS version and forward secrect for the specific domain do not, which is good as I believe Charles Proxy is using TLSv1.2 and ciphers that support PFS. So I am left guessing that it is rejecting the SSL certificate.
I have used CFNetwork Diagnostics output to try to diagnose it, but I don't appear to gain much information.
Although the log is pretty much identical with or without the SSL root certificate installed, which leads me to believe that apps are not using root certificates that users install...
While the connection succeeds if I disable ATS in the Info.plist, I would like to avoid this as a solution - if I enable this for debugging I'm likely to forget to disable it later!
Here is the CFNetwork Diagnostics log:
Jul 7 12:33:01 ATSTest[86174] <Notice>: CFNetwork Diagnostics [3:1] 12:33:01.315 {
LoaderWhatToDo
Request: <CFURL 0x7fec59c33d30 [0x102e65610]>{string = https://www.apple.com/, encoding = 134217984, base = (null)}
CachePolicy: 1
WhatToDo: originload
CreateToNow: 0.01834s
} [3:1]
Jul 7 12:33:01 ATSTest[86174] <Notice>: CFNetwork Diagnostics [3:2] 12:33:01.317 {
AddCookies Continue: request GET https://www.apple.com/ HTTP/1.1
HTTPProtocol: Task: 5b31fbe0
} [3:2]
Jul 7 12:33:01 ATSTest[86174] <Notice>: CFNetwork Diagnostics [3:3] 12:33:01.318 {
DiskCookieStorage Construction: Binary{ Disk Cookies: { /Users/karlvr/Library/Developer/CoreSimulator/Devices/1B4FFFD7-0DF2-4BFA-9C2D-1AC40D349E3F/data/Containers/Data/Application/80EE3052-78F1-42B2-965E-3684E24685AB/Library/Cookies/com.cactuslab.ATSTest.binarycookies, <0 cookies in 0 domains> clean not writing } }
Accessing: <CFURL 0x7fec5b0b11b0 [0x102e65610]>{string = file:///Users/karlvr/Library/Developer/CoreSimulator/Devices/1B4FFFD7-0DF2-4BFA-9C2D-1AC40D349E3F/data/Containers/Data/Application/80EE3052-78F1-42B2-965E-3684E24685AB/Library/Cookies/com.cactuslab.ATSTest.binarycookies, encoding = 134217984, base = (null)}
Path: /Users/karlvr/Library/Developer/CoreSimulator/Devices/1B4FFFD7-0DF2-4BFA-9C2D-1AC40D349E3F/data/Containers/Data/Application/80EE3052-78F1-42B2-965E-3684E24685AB/Library/Cookies/com.cactuslab.ATSTest.binarycookies
Read from disk: <0 cookies in 0 domains>
Dirty: NO
Writing: NO
Policy: 2
} [3:3]
Jul 7 12:33:01 ATSTest[86174] <Notice>: CFNetwork Diagnostics [3:4] 12:33:01.318 {
DiskCookieStorage Journaling On: Binary{ Disk Cookies: { /Users/karlvr/Library/Developer/CoreSimulator/Devices/1B4FFFD7-0DF2-4BFA-9C2D-1AC40D349E3F/data/Containers/Data/Application/80EE3052-78F1-42B2-965E-3684E24685AB/Library/Cookies/com.cactuslab.ATSTest.binarycookies, <0 cookies in 0 domains> clean not writing } }
File: <CFURL 0x7fec59d210e0 [0x102e65610]>{string = file:///Users/karlvr/Library/Developer/CoreSimulator/Devices/1B4FFFD7-0DF2-4BFA-9C2D-1AC40D349E3F/data/Containers/Data/Application/80EE3052-78F1-42B2-965E-3684E24685AB/Library/Cookies/com.cactuslab.ATSTest.binarycookies, encoding = 134217984, base = (null)}
} [3:4]
Jul 7 12:33:01 ATSTest[86174] <Notice>: CFNetwork Diagnostics [3:5] 12:33:01.318 {
Protocol Enqueue: request GET https://www.apple.com/ HTTP/1.1
Request: <CFURLRequest 0x7fec5b0adcd0 [0x102e65610]> {url = https://www.apple.com/, cs = 0x0}
Message: GET https://www.apple.com/ HTTP/1.1
Sending: dict [4] {
Accept-Encoding: gzip, deflate
Accept: */
Accept-Language: en-us
}
} [3:5]
Jul 7 12:33:01 ATSTest[86174] <Notice>: CFNetwork Diagnostics [3:6] 12:33:01.319 {
SocketStream IO Logging
} [3:6]
Jul 7 12:33:01 ATSTest[86174] <Notice>: CFNetwork Diagnostics [3:7] 12:33:01.320 {
TCP Connection Created
conn: 0x7fec5b0b1e10 for name www.apple.com, port 443
} [3:7]
Jul 7 12:33:01 ATSTest[86174] <Notice>: CFNetwork Diagnostics [3:8] 12:33:01.320 {
TCP Connection Start
conn: 0x7fec5b0b1e10
} [3:8]
Jul 7 12:33:01 ATSTest[86174] <Notice>: CFNetwork Diagnostics [3:9] 12:33:01.323 {
SocketStream TCP Connection Complete
conn: 0x7fec5b0b1e10
fd: 9
error: 0
} [3:9]
Jul 7 12:33:01 ATSTest[86174] <Notice>: CFNetwork Diagnostics [3:10] 12:33:01.324 {
{ fd: 9, local 127.0.0.1:60404 => peer 127.0.0.1:8888 www.apple.com} RAW-SENT 166
RAW-SENT (9) | > data [ 166 ] bytes {
RAW-SENT (9) | > 00000000: 434f 4e4e 4543 5420 7777 772e 6170 706c CONNECT www.appl
RAW-SENT (9) | > 00000010: 652e 636f 6d3a 3434 3320 4854 5450 2f31 e.com:443 HTTP/1
RAW-SENT (9) | > 00000020: 2e31 0d0a 486f 7374 3a20 7777 772e 6170 .1--Host: www.ap
RAW-SENT (9) | > 00000030: 706c 652e 636f 6d0d 0a55 7365 722d 4167 ple.com--User-Ag
RAW-SENT (9) | > 00000040: 656e 743a 2041 5453 5465 7374 2f31 2043 ent: ATSTest/1 C
RAW-SENT (9) | > 00000050: 464e 6574 776f 726b 2f37 3434 2e35 2044 FNetwork/744.5 D
RAW-SENT (9) | > 00000060: 6172 7769 6e2f 3134 2e34 2e30 0d0a 436f arwin/14.4.0--Co
RAW-SENT (9) | > 00000070: 6e6e 6563 7469 6f6e 3a20 6b65 6570 2d61 nnection: keep-a
RAW-SENT (9) | > 00000080: 6c69 7665 0d0a 5072 6f78 792d 436f 6e6e live--Proxy-Conn
RAW-SENT (9) | > 00000090: 6563 7469 6f6e 3a20 6b65 6570 2d61 6c69 ection: keep-ali
RAW-SENT (9) | > 000000a0: 7665 0d0a 0d0a ve----
RAW-SENT (9) | > }
} [3:10]
Jul 7 12:33:01 ATSTest[86174] <Notice>: CFNetwork Diagnostics [3:11] 12:33:01.816 {
{ fd: 9, local 127.0.0.1:60404 => peer 127.0.0.1:8888 www.apple.com} RAW-READ 39
RAW-READ (9) | < data [ 39 ] bytes {
RAW-READ (9) | < 00000000: 4854 5450 2f31 2e30 2032 3030 2043 6f6e HTTP/1.0 200 Con
RAW-READ (9) | < 00000010: 6e65 6374 696f 6e20 6573 7461 626c 6973 nection establis
RAW-READ (9) | < 00000020: 6865 640d 0a0d 0a hed----
RAW-READ (9) | < }
} [3:11]
Jul 7 12:33:01 ATSTest[86174] <Notice>: CFNetwork Diagnostics [3:12] 12:33:01.817 {
{ fd: 9, local 127.0.0.1:60404 => peer 127.0.0.1:8888 www.apple.com} RAW-SENT 192
RAW-SENT (9) | > data [ 192 ] bytes {
RAW-SENT (9) | > 00000000: 1603 0100 bb01 0000 b703 0355 9b1e 3d15 ...........U..=.
RAW-SENT (9) | > 00000010: 94f7 1b61 4eec 2890 3d51 d9e5 bfd5 740e ...aN.(.=Q....t.
RAW-SENT (9) | > 00000020: 578a 08ea 3f3e d01f 1428 1b00 0024 00ff W...?>...(...$..
RAW-SENT (9) | > 00000030: c02c c02b c024 c00a c023 c009 c030 c02f .,.+.$.-.#...0./
RAW-SENT (9) | > 00000040: c028 c027 c013 009f 009e 006b 0039 0067 .(.'.......k.9.g
RAW-SENT (9) | > 00000050: 0033 0100 006a 0000 0012 0010 0000 0d77 .3...j........-w
RAW-SENT (9) | > 00000060: 7777 2e61 7070 6c65 2e63 6f6d 000a 0008 ww.apple.com.-..
RAW-SENT (9) | > 00000070: 0006 0017 0018 0019 000b 0002 0100 000d ...............-
RAW-SENT (9) | > 00000080: 000e 000c 0501 0401 0201 0503 0403 0203 ................
RAW-SENT (9) | > 00000090: 3374 0000 0010 001b 0019 0873 7064 792f 3t.........spdy/
RAW-SENT (9) | > 000000a0: 332e 3106 7370 6479 2f33 0868 7474 702f 3.1.spdy/3.http/
RAW-SENT (9) | > 000000b0: 312e 3100 0500 0501 0000 0000 0012 0000 1.1.............
RAW-SENT (9) | > }
} [3:12]
Jul 7 12:33:01 ATSTest[86174] <Notice>: CFNetwork Diagnostics [3:13] 12:33:01.817 {
ioLogger
logStruct: array [4] {
BEGIN SSL RECORD DECODE: SENT
decodeHandshake [0] @ 0x7fec59d23845, version 301, length 187 (0xbb)
ClientHello (1, 0x1), length 183 (0xb7)
END SSL RECORD DECODE: SENT
}
} [3:13]
Jul 7 12:33:01 ATSTest[86174] <Notice>: CFNetwork Diagnostics [3:14] 12:33:01.821 {
{ fd: 9, local 127.0.0.1:60404 => peer 127.0.0.1:8888 www.apple.com} RAW-READ 3486
RAW-READ (9) | < data [ 2048 ] bytes {
RAW-READ (9) | < 00000000: 1603 030d 9902 0000 4d03 0355 9b1e 3d33 ...-....M..U..=3
RAW-READ (9) | < 00000010: eb2a 0004 d707 36de ff1c 4ebe 248e 5b7e .*....6...N.$.[~
RAW-READ (9) | < 00000020: f5f7 9d27 7cce d797 1f48 d020 559b 1e3d ...'|....H. U..=
RAW-READ (9) | < 00000030: ac6d 7986 b3cd 171d 283e 7b2c 0c17 bef2 .my.....(>{,....
RAW-READ (9) | < 00000040: 1b1f b1b3 fe3b 288a 28b0 8967 c02f 0000 .....;(.(..g./..
RAW-READ (9) | < 00000050: 05ff 0100 0100 0b00 0c73 000c 7000 06e4 .........s..p...
RAW-READ (9) | < 00000060: 3082 06e0 3082 05c8 a003 0201 0202 0601 0...0...........
RAW-READ (9) | < 00000070: 4e65 d332 a730 0d06 092a 8648 86f7 0d01 Ne.2.0-..*.H..-.
RAW-READ (9) | < 00000080: 010b 0500 3081 c531 5730 5506 0355 0403 ....0..1W0U..U..
RAW-READ (9) | < 00000090: 0c4e 4368 6172 6c65 7320 5072 6f78 7920 .NCharles Proxy
RAW-READ (9) | < 000000a0: 4375 7374 6f6d 2052 6f6f 7420 4365 7274 Custom Root Cert
RAW-READ (9) | < 000000b0: 6966 6963 6174 6520 2862 7569 6c74 206f ificate (built o
RAW-READ (9) | < 000000c0: 6e20 4b61 726c 732d 694d 6163 2e6c 6f63 n Karls-iMac.loc
RAW-READ (9) | < 000000d0: 616c 2c20 3234 204d 6172 2032 3031 3529 al, 24 Mar 2015)
RAW-READ (9) | < 000000e0: 3124 3022 0603 5504 0b0c 1b68 7474 703a 1$0"..U....http:
RAW-READ (9) | < 000000f0: 2f2f 6368 6172 6c65 7370 726f 7879 2e63 //charlesproxy.c
RAW-READ (9) | < 00000100: 6f6d 2f73 736c 3111 300f 0603 5504 0a0c om/ssl1.0...U.-.
RAW-READ (9) | < 00000110: 0858 4b37 3220 4c74 6431 1130 0f06 0355 .XK72 Ltd1.0...U
RAW-READ (9) | < 00000120: 0407 0c08 4175 636b 6c61 6e64 3111 300f ....Auckland1.0.
RAW-READ (9) | < 00000130: 0603 5504 080c 0841 7563 6b6c 616e 6431 ..U....Auckland1
RAW-READ (9) | < 00000140: 0b30 0906 0355 0406 1302 4e5a 301e 170d .0...U....NZ0..-
RAW-READ (9) | < 00000150: 3134 3132 3139 3030 3030 3030 5a17 0d31 141219000000Z.-1
RAW-READ (9) | < 00000160: 3630 3431 3632 3335 3935 395a 3082 0118 60416235959Z0...
RAW-READ (9) | < 00000170: 3113 3011 060b 2b06 0104 0182 373c 0201 1.0...+.....7<..
RAW-READ (9) | < 00000180: 0313 0255 5331 1b30 1906 0b2b 0601 0401 ...US1.0...+....
RAW-READ (9) | < 00000190: 8237 3c02 0102 0c0a 4361 6c69 666f 726e .7<....-Californ
RAW-READ (9) | < 000001a0: 6961 311d 301b 0603 5504 0f13 1450 7269 ia1.0...U....Pri
RAW-READ (9) | < 000001b0: 7661 7465 204f 7267 616e 697a 6174 696f vate Organizatio
RAW-READ (9) | < 000001c0: 6e31 1130 0f06 0355 0405 1308 4330 3830 n1.0...U....C080
RAW-READ (9) | < 000001d0: 3635 3932 310b 3009 0603 5504 0613 0255 65921.0...U....U
RAW-READ (9) | < 000001e0: 5331 0e30 0c06 0355 0411 0c05 3935 3031 S1.0...U....9501
RAW-READ (9) | < 000001f0: 3431 1330 1106 0355 0408 0c0a 4361 6c69 41.0...U...-Cali
RAW-READ (9) | < 00000200: 666f 726e 6961 3112 3010 0603 5504 070c fornia1.0...U...
RAW-READ (9) | < 00000210: 0943 7570 6572 7469 6e6f 3118 3016 0603 .Cupertino1.0...
RAW-READ (9) | < 00000220: 5504 090c 0f31 2049 6e66 696e 6974 6520 U....1 Infinite
RAW-READ (9) | < 00000230: 4c6f 6f70 3113 3011 0603 5504 0a0c 0a41 Loop1.0...U.-.-A
RAW-READ (9) | < 00000240: 7070 6c65 2049 6e63 2e31 2530 2306 0355 pple Inc.1%0#..U
RAW-READ (9) | < 00000250: 040b 0c1c 496e 7465 726e 6574 2053 6572 ....Internet Ser
RAW-READ (9) | < 00000260: 7669 6365 7320 666f 7220 416b 616d 6169 vices for Akamai
RAW-READ (9) | < 00000270: 3116 3014 0603 5504 030c 0d77 7777 2e61 1.0...U...-www.a
RAW-READ (9) | < 00000280: 7070 6c65 2e63 6f6d 3081 9f30 0d06 092a pple.com0..0-..*
RAW-READ (9) | < 00000290: 8648 86f7 0d01 0101 0500 0381 8d00 3081 .H..-.........0.
RAW-READ (9) | < 000002a0: 8902 8181 0089 26ee a516 2f92 9d09 2b93 ......&.../...+.
RAW-READ (9) | < 000002b0: 258e 8c41 d07b 35bc 1c83 f5b4 c3ce 2cc2 %..A.{5.......,.
RAW-READ (9) | < 000002c0: d283 2beb 7fb8 86e5 6b4d d9f7 2d13 cda3 ..+.....kM..-...
RAW-READ (9) | < 000002d0: 39ef f7bd 89a9 0277 0ee1 cd81 6d4d 8f42 9......w....mM.B
RAW-READ (9) | < 000002e0: 0325 9169 3d60 b20e a9c1 7cc6 ebc5 eadf .%.i=`....|.....
RAW-READ (9) | < 000002f0: 8e25 7a12 2bb5 7daa bc08 ec8a 4fd9 72a8 .%z.+.}.....O.r.
RAW-READ (9) | < 00000300: 9025 0e79 139c 025f 36c2 cb07 5382 a72b .%.y..._6...S..+
RAW-READ (9) | < 00000310: 01e1 8bbf 4e9f 8795 dd2f d190 746e 3fb6 ....N..../..tn?.
RAW-READ (9) | < 00000320: 759c df62 c902 0301 0001 a382 0302 3082 u..b..........0.
RAW-READ (9) | < 00000330: 02fe 300e 0603 551d 0f01 01ff 0404 0302 ..0...U.........
RAW-READ (9) | < 00000340: 05a0 3082 017e 060a 2b06 0104 01d6 7902 ..0..~.-+.....y.
RAW-READ (9) | < 00000350: 0402 0482 016e 0482 016a 0168 0076 00a4 .....n...j.h.v..
RAW-READ (9) | < 00000360: b909 90b4 1858 1487 bb13 a2cc 6770 0a3c .....X......gp-<
RAW-READ (9) | < 00000370: 3598 04f9 1bdf b8e3 77cd 0ec8 0ddc 1000 5.......w...-...
RAW-READ (9) | < 00000380: 0001 4a63 cd4c f700 0004 0300 4730 4502 ..Jc.L......G0E.
RAW-READ (9) | < 00000390: 2100 e30e a409 67a5 7a58 af48 2775 17f0 !.....g.zX.H'u..
RAW-READ (9) | < 000003a0: c049 27ef 67b1 a1a4 f765 ba58 c4be da81 .I'.g....e.X....
RAW-READ (9) | < 000003b0: b93c 0220 7196 e265 b013 3169 d4cc 6185 .<. q..e..1i..a.
RAW-READ (9) | < 000003c0: 6690 fffb e87c 20cc 173e 5152 8db2 27ba f....| ..>QR..'.
RAW-READ (9) | < 000003d0: f892 6256 0076 0068 f698 f81f 6482 be3a ..bV.v.h....d..:
RAW-READ (9) | < 000003e0: 8cee b928 1d4c fc71 515d 6793 d444 d10a ...(.L.qQ]g..D.-
RAW-READ (9) | < 000003f0: 67ac bb4f 4ffb c400 0001 4a63 cd4d 1300 g..OO.....Jc.M..
RAW-READ (9) | < 00000400: 0004 0300 4730 4502 2039 2d72 35d5 45c0 ....G0E. 9-r5.E.
RAW-READ (9) | < 00000410: 8719 e00d c905 2fe1 7b64 dae2 abe6 618b ...-../.{d....a.
RAW-READ (9) | < 00000420: ef2e 4848 a202 df06 3a02 2100 d8ef 7835 ..HH....:.!...x5
RAW-READ (9) | < 00000430: a410 77c9 1250 08fa 4872 46a5 9d72 2aa2 ..w..P..HrF..r*.
RAW-READ (9) | < 00000440: 056c bd2c 13f1 a8f9 d6fa 644e 0076 00ee .l.,......dN.v..
RAW-READ (9) | < 00000450: 4bbd b775 ce60 bae1 4269 1fab e19e 66a3 K..u.`..Bi....f.
RAW-READ (9) | < 00000460: 0f7e 5fb0 72d8 8300 c47b 897a a8fd cb00 .~_.r....{.z....
RAW-READ (9) | < 00000470: 0001 4a63 cd4f 5300 0004 0300 4730 4502 ..Jc.OS.....G0E.
RAW-READ (9) | < 00000480: 201f 935c f9d3 f19f 4a65 709f 34ed 2d97 ..\....Jep.4.-.
RAW-READ (9) | < 00000490: d40d c048 1078 7d6a e756 627a 2136 1eed .-.H.x}j.Vbz!6..
RAW-READ (9) | < 000004a0: a502 2100 b5d3 7da0 3c55 ec88 e158 3c49 ..!...}.<U...X<I
RAW-READ (9) | < 000004b0: a39e 0498 2fda 7913 c53d 0a51 3c17 20d2 ..../.y..=-Q<. .
RAW-READ (9) | < 000004c0: 6b5a fa22 3027 0603 551d 1104 2030 1e82 kZ."0'..U... 0..
RAW-READ (9) | < 000004d0: 0d77 7777 2e61 7070 6c65 2e63 6f6d 820d -www.apple.com.-
RAW-READ (9) | < 000004e0: 7373 6c2e 6170 706c 652e 636f 6d30 0906 ssl.apple.com0..
RAW-READ (9) | < 000004f0: 0355 1d13 0402 3000 301d 0603 551d 2504 .U....0.0...U.%.
RAW-READ (9) | < 00000500: 1630 1406 082b 0601 0505 0703 0106 082b .0...+.........+
RAW-READ (9) | < 00000510: 0601 0505 0703 0230 81f7 0603 551d 2304 .......0....U.#.
RAW-READ (9) | < 00000520: 81ef 3081 ec80 1465 217b abc7 064c 2357 ..0....e!{...L#W
RAW-READ (9) | < 00000530: 3bb4 1bd3 f900 a13f d58e e2a1 81cb a481 ;......?........
RAW-READ (9) | < 00000540: c830 81c5 3157 3055 0603 5504 030c 4e43 .0..1W0U..U...NC
RAW-READ (9) | < 00000550: 6861 726c 6573 2050 726f 7879 2043 7573 harles Proxy Cus
RAW-READ (9) | < 00000560: 746f 6d20 526f 6f74 2043 6572 7469 6669 tom Root Certifi
RAW-READ (9) | < 00000570: 6361 7465 2028 6275 696c 7420 6f6e 204b cate (built on K
RAW-READ (9) | < 00000580: 6172 6c73 2d69 4d61 632e 6c6f 6361 6c2c arls-iMac.local,
RAW-READ (9) | < 00000590: 2032 3420 4d61 7220 3230 3135 2931 2430 24 Mar 2015)1$0
RAW-READ (9) | < 000005a0: 2206 0355 040b 0c1b 6874 7470 3a2f 2f63 "..U....http://c
RAW-READ (9) | < 000005b0: 6861 726c 6573 7072 6f78 792e 636f 6d2f harlesproxy.com/
RAW-READ (9) | < 000005c0: 7373 6c31 1130 0f06 0355 040a 0c08 584b ssl1.0...U.-..XK
RAW-READ (9) | < 000005d0: 3732 204c 7464 3111 300f 0603 5504 070c 72 Ltd1.0...U...
RAW-READ (9) | < 000005e0: 0841 7563 6b6c 616e 6431 1130 0f06 0355 .Auckland1.0...U
RAW-READ (9) | < 000005f0: 0408 0c08 4175 636b 6c61 6e64 310b 3009 ....Auckland1.0.
RAW-READ (9) | < 00000600: 0603 5504 0613 024e 5a82 0601 4c48 4f14 ..U....NZ...LHO.
RAW-READ (9) | < 00000610: eb30 1d06 0355 1d0e 0416 0414 cda1 740b .0...U........t.
RAW-READ (9) | < 00000620: db12 4daa 3258 3e80 24d7 7430 3dc7 7c7a ..M.2X>.$.t0=.|z
RAW-READ (9) | < 00000630: 300d 0609 2a86 4886 f70d 0101 0b05 0003 0-..*.H..-......
RAW-READ (9) | < 00000640: 8201 0100 0800 60c5 5c15 d2aa 08b4 e378 ......`.\......x
RAW-READ (9) | < 00000650: c281 0ca4 d2ff 1c6d 500d 56e1 5fec a4af .......mP-V._...
RAW-READ (9) | < 00000660: 7409 a51f 01cb 580f 335b f744 2604 90c7 t.....X.3[.D&...
RAW-READ (9) | < 00000670: 7ad8 acae 93ad 4952 6853 342f a817 6d64 z.....IRhS4/..md
RAW-READ (9) | < 00000680: 5974 002e 8860 0066 1fd3 4802 688d 26bb Yt...`.f..H.h.&.
RAW-READ (9) | < 00000690: bbd9 5460 6cc0 4833 7e67 cf78 42a4 46b8 ..T`l.H3~g.xB.F.
RAW-READ (9) | < 000006a0: 28e6 0a24 69ef de9b a2a4 b170 e521 7442 (.-$i......p.!tB
RAW-READ (9) | < 000006b0: d6f4 1695 901e d115 2055 25ee 81a5 89eb ........ U%.....
RAW-READ (9) | < 000006c0: ff95 33a6 7e9c aafa 839f dd13 25be 0a53 ..3.~.......%.-S
RAW-READ (9) | < 000006d0: 3d84 df2f ea65 ea7a 4f22 3f98 fbfd 1bdb =../.e.zO"?.....
RAW-READ (9) | < 000006e0: 9939 4c8d 7545 76fc 4d50 1c30 7873 68c8 .9L.uEv.MP.0xsh.
RAW-READ (9) | < 000006f0: d3e2 4acd ece7 d833 5c7e f6a9 d5ed f1f9 ..J....3\~......
RAW-READ (9) | < 00000700: eea9 3bd4 a5ab fb2a f74a be9e 6c2f bfb9 ..;....*.J..l/..
RAW-READ (9) | < 00000710: efb0 cd1a 8894 fa9f 2585 2138 8639 801e ........%.!8.9..
RAW-READ (9) | < 00000720: 5036 c8e3 d8bf d19c 2e40 46f3 a68e 4be4 P6.......@F...K.
RAW-READ (9) | < 00000730: a053 982b 218f 349b cfbc 98b3 a619 8174 .S.+!.4........t
RAW-READ (9) | < 00000740: b1de d31c 0005 8630 8205 8230 8204 6aa0 .......0...0..j.
RAW-READ (9) | < 00000750: 0302 0102 0206 014c 484f 14eb 300d 0609 .......LHO..0-..
RAW-READ (9) | < 00000760: 2a86 4886 f70d 0101 0b05 0030 81c5 3157 *.H..-.....0..1W
RAW-READ (9) | < 00000770: 3055 0603 5504 030c 4e43 6861 726c 6573 0U..U...NCharles
RAW-READ (9) | < 00000780: 2050 726f 7879 2043 7573 746f 6d20 526f Proxy Custom Ro
RAW-READ (9) | < 00000790: 6f74 2043 6572 7469 6669 6361 7465 2028 ot Certificate (
RAW-READ (9) | < 000007a0: 6275 696c 7420 6f6e 204b 6172 6c73 2d69 built on Karls-i
RAW-READ (9) | < 000007b0: 4d61 632e 6c6f 6361 6c2c 2032 3420 4d61 Mac.local, 24 Ma
RAW-READ (9) | < 000007c0: 7220 3230 3135 2931 2430 2206 0355 040b r 2015)1$0"..U..
RAW-READ (9) | < 000007d0: 0c1b 6874 7470 3a2f 2f63 6861 726c 6573 ..http://charles
RAW-READ (9) | < 000007e0: 7072 6f78 792e 636f 6d2f 7373 6c31 1130 proxy.com/ssl1.0
RAW-READ (9) | < 000007f0: 0f06 0355 040a 0c08 584b 3732 204c 7464 ...U.-..XK72 Ltd
RAW-READ (9) | < }
} [3:14]
Jul 7 12:33:01 ATSTest[86174] <Notice>: CFNetwork Diagnostics [3:15] 12:33:01.822 {
{ fd: 9, local 127.0.0.1:60404 => peer 127.0.0.1:8888 www.apple.com} RAW-READ continuation
RAW-READ (9) | < data [ 1438 ] bytes {
RAW-READ (9) | < 00000000: 3111 300f 0603 5504 070c 0841 7563 6b6c 1.0...U....Auckl
RAW-READ (9) | < 00000010: 616e 6431 1130 0f06 0355 0408 0c08 4175 and1.0...U....Au
RAW-READ (9) | < 00000020: 636b 6c61 6e64 310b 3009 0603 5504 0613 ckland1.0...U...
RAW-READ (9) | < 00000030: 024e 5a30 1e17 0d30 3030 3130 3130 3030 .NZ0..-000101000
RAW-READ (9) | < 00000040: 3030 305a 170d 3434 3035 3139 3230 3234 000Z.-4405192024
RAW-READ (9) | < 00000050: 3434 5a30 81c5 3157 3055 0603 5504 030c 44Z0..1W0U..U...
RAW-READ (9) | < 00000060: 4e43 6861 726c 6573 2050 726f 7879 2043 NCharles Proxy C
RAW-READ (9) | < 00000070: 7573 746f 6d20 526f 6f74 2043 6572 7469 ustom Root Certi
RAW-READ (9) | < 00000080: 6669 6361 7465 2028 6275 696c 7420 6f6e ficate (built on
RAW-READ (9) | < 00000090: 204b 6172 6c73 2d69 4d61 632e 6c6f 6361 Karls-iMac.loca
RAW-READ (9) | < 000000a0: 6c2c 2032 3420 4d61 7220 3230 3135 2931 l, 24 Mar 2015)1
RAW-READ (9) | < 000000b0: 2430 2206 0355 040b 0c1b 6874 7470 3a2f $0"..U....http:/
RAW-READ (9) | < 000000c0: 2f63 6861 726c 6573 7072 6f78 792e 636f /charlesproxy.co
RAW-READ (9) | < 000000d0: 6d2f 7373 6c31 1130 0f06 0355 040a 0c08 m/ssl1.0...U.-..
RAW-READ (9) | < 000000e0: 584b 3732 204c 7464 3111 300f 0603 5504 XK72 Ltd1.0...U.
RAW-READ (9) | < 000000f0: 070c 0841 7563 6b6c 616e 6431 1130 0f06 ...Auckland1.0..
RAW-READ (9) | < 00000100: 0355 0408 0c08 4175 636b 6c61 6e64 310b .U....Auckland1.
RAW-READ (9) | < 00000110: 3009 0603 5504 0613 024e 5a30 8201 2230 0...U....NZ0.."0
RAW-READ (9) | < 00000120: 0d06 092a 8648 86f7 0d01 0101 0500 0382 -..*.H..-.......
RAW-READ (9) | < 00000130: 010f 0030 8201 0a02 8201 0100 9d88 b077 ...0..-........w
RAW-READ (9) | < 00000140: 0fae 6751 01d1 cbc1 f5ae ac32 46d0 2cab ..gQ.......2F.,.
RAW-READ (9) | < 00000150: ac6c a164 d678 8df9 655e f36a c5dc c65c .l.d.x..e^.j...\
RAW-READ (9) | < 00000160: 46a3 c5b0 6cf1 486b 9952 7629 e6e9 e20b F...l.Hk.Rv)....
RAW-READ (9) | < 00000170: 0c20 b019 b257 3c15 32eb 4e47 758c 6e74 . ...W<.2.NGu.nt
RAW-READ (9) | < 00000180: ec76 d20e f895 ed2e 93fe 3364 318b aa44 .v........3d1..D
RAW-READ (9) | < 00000190: 538e a418 6302 3042 8421 1dbf 4941 59e8 S...c.0B.!..IAY.
RAW-READ (9) | < 000001a0: 37f2 a769 9fcb aa45 f8f6 e3b1 ed9d 9e56 7..i...E.......V
RAW-READ (9) | < 000001b0: ee46 a066 ae6d a88e b81a 6098 9d52 2f99 .F.f.m....`..R/.
RAW-READ (9) | < 000001c0: d431 59aa 8849 ff68 4291 849b e8da 2b27 .1Y..I.hB.....+'
RAW-READ (9) | < 000001d0: 7132 179b c67c 7272 2b0e 1d2c b58c 6263 q2...|rr+..,..bc
RAW-READ (9) | < 000001e0: f278 338f d4df 96ea e3ff 2a1a 6641 a68d .x3.......*.fA..
RAW-READ (9) | < 000001f0: 7f81 593f 8017 5c93 da88 033f 7cff b0e2 ..Y?..\....?|...
RAW-READ (9) | < 00000200: 2fb9 022e 3ff1 2dda fb88 7720 501c 05a5 /...?.-...w P...
RAW-READ (9) | < 00000210: e20d 9204 1133 39ef 92bb 1e2a 937f e107 .-...39....*....
RAW-READ (9) | < 00000220: f445 c647 2f66 6e05 1c1f 7724 74a4 d72c .E.G/fn...w$t..,
RAW-READ (9) | < 00000230: 169e aea4 d0cf 0a7d c842 8e17 0203 0100 ......-}.B......
RAW-READ (9) | < 00000240: 01a3 8201 7430 8201 7030 0f06 0355 1d13 ....t0..p0...U..
RAW-READ (9) | < 00000250: 0101 ff04 0530 0301 01ff 3082 012c 0609 .....0....0..,..
RAW-READ (9) | < 00000260: 6086 4801 86f8 4201 0d04 8201 1d13 8201 `.H...B.-.......
RAW-READ (9) | < 00000270: 1954 6869 7320 526f 6f74 2063 6572 7469 .This Root certi
RAW-READ (9) | < 00000280: 6669 6361 7465 2077 6173 2067 656e 6572 ficate was gener
RAW-READ (9) | < 00000290: 6174 6564 2062 7920 4368 6172 6c65 7320 ated by Charles
RAW-READ (9) | < 000002a0: 5072 6f78 7920 666f 7220 5353 4c20 5072 Proxy for SSL Pr
RAW-READ (9) | < 000002b0: 6f78 7969 6e67 2e20 4966 2074 6869 7320 oxying. If this
RAW-READ (9) | < 000002c0: 6365 7274 6966 6963 6174 6520 6973 2070 certificate is p
RAW-READ (9) | < 000002d0: 6172 7420 6f66 2061 2063 6572 7469 6669 art of a certifi
RAW-READ (9) | < 000002e0: 6361 7465 2063 6861 696e 2c20 7468 6973 cate chain, this
RAW-READ (9) | < 000002f0: 206d 6561 6e73 2074 6861 7420 796f 7527 means that you'
RAW-READ (9) | < 00000300: 7265 2062 726f 7773 696e 6720 7468 726f re browsing thro
RAW-READ (9) | < 00000310: 7567 6820 4368 6172 6c65 7320 5072 6f78 ugh Charles Prox
RAW-READ (9) | < 00000320: 7920 7769 7468 2053 534c 2050 726f 7879 y with SSL Proxy
RAW-READ (9) | < 00000330: 696e 6720 656e 6162 6c65 6420 666f 7220 ing enabled for
RAW-READ (9) | < 00000340: 7468 6973 2077 6562 7369 7465 2e20 506c this website. Pl
RAW-READ (9) | < 00000350: 6561 7365 2073 6565 2068 7474 703a 2f2f ease see http://
RAW-READ (9) | < 00000360: 6368 6172 6c65 7370 726f 7879 2e63 6f6d charlesproxy.com
RAW-READ (9) | < 00000370: 2f73 736c 2066 6f72 206d 6f72 6520 696e /ssl for more in
RAW-READ (9) | < 00000380: 666f 726d 6174 696f 6e2e 300e 0603 551d formation.0...U.
RAW-READ (9) | < 00000390: 0f01 01ff 0404 0302 0204 301d 0603 551d ..........0...U.
RAW-READ (9) | < 000003a0: 0e04 1604 1465 217b abc7 064c 2357 3bb4 .....e!{...L#W;.
RAW-READ (9) | < 000003b0: 1bd3 f900 a13f d58e e230 0d06 092a 8648 .....?...0-..*.H
RAW-READ (9) | < 000003c0: 86f7 0d01 010b 0500 0382 0101 0002 a49b ..-.............
RAW-READ (9) | < 000003d0: 65f3 a10a ea51 b1bb 4044 dda2 462f 010e e..-.Q..@D..F/..
RAW-READ (9) | < 000003e0: 5d02 3692 6e80 b02a 8997 2e25 ad38 d033 ].6.n..*...%.8.3
RAW-READ (9) | < 000003f0: 8b47 7676 16ea 2e4c a319 06cd d5cb bbbf .Gvv...L........
RAW-READ (9) | < 00000400: 402f 432d cf0a 0b12 63c6 b2bc 8ce1 3a82 @/C-.-..c.....:.
RAW-READ (9) | < 00000410: 6100 936e 92cd 9750 480e 8932 809c c3c7 a..n...PH..2....
RAW-READ (9) | < 00000420: 1ab7 fb01 86b4 889f 93ef 41ff 2d35 595a ..........A.-5YZ
RAW-READ (9) | < 00000430: 913d 0d17 0659 6d0a 241d 15ec 7d5e 9e35 .=-..Ym-$...}^.5
RAW-READ (9) | < 00000440: bf09 ab8a 21bc 37c5 6a71 bd05 0c3c 31de ....!.7.jq...<1.
RAW-READ (9) | < 00000450: ef1a 7e8d 17e0 9f56 f3ea 9e6f d44d 885a ..~....V...o.M.Z
RAW-READ (9) | < 00000460: 6c3e 1c53 8658 de3a d3bb d38a 926d 7a2e l>.S.X.:.....mz.
RAW-READ (9) | < 00000470: 8caf b88e 621f 5949 aac8 769c 8112 0d02 ....b.YI..v...-.
RAW-READ (9) | < 00000480: ea86 eeb2 9a68 25fb 338f 3ad6 b1b8 5005 .....h%.3.:...P.
RAW-READ (9) | < 00000490: 0411 cc95 5e1a e6eb 930f e9de 8ef7 6600 ....^.........f.
RAW-READ (9) | < 000004a0: 0e11 a36a 3571 e270 5e0d eaf0 535c 4105 ...j5q.p^-..S\A.
RAW-READ (9) | < 000004b0: 8b20 eb21 f862 cefe 1075 12d8 98fc 0bfe . .!.b...u......
RAW-READ (9) | < 000004c0: 336e a548 1aff 620d e6e5 0841 3b0c 0000 3n.H..b-...A;...
RAW-READ (9) | < 000004d0: c903 0017 4104 3b1f a589 7705 4eda ccd3 ....A.;...w.N...
RAW-READ (9) | < 000004e0: 5d28 4e5e 7627 0ba0 2d61 7d8e 7251 cbc8 ](N^v'..-a}.rQ..
RAW-READ (9) | < 000004f0: e8f0 e526 f6f9 17c7 dacf 9566 3893 8409 ...&.......f8...
RAW-READ (9) | < 00000500: 75ce 7fcc bca2 e754 43e1 84a0 34f8 d8f2 u......TC...4...
RAW-READ (9) | < 00000510: 50b8 8b2b 2098 0501 0080 435c cb35 1e55 P..+ .....C\.5.U
RAW-READ (9) | < 00000520: 0ce0 a1d3 685a 3834 6f82 9f82 cdc3 bad4 ....hZ84o.......
RAW-READ (9) | < 00000530: 65a9 9261 f83d ae77 6479 951a 3527 747f e..a.=.wdy..5't.
RAW-READ (9) | < 00000540: dbd3 a751 5215 e710 6438 0b26 2ea7 b693 ...QR...d8.&....
RAW-READ (9) | < 00000550: 33d0 651b 9108 664d 4073 6bfe 8587 b09d 3.e...fM@sk.....
RAW-READ (9) | < 00000560: de39 ec3b b89e 9b2d ca50 1c84 26cc ecad .9.;...-.P..&...
RAW-READ (9) | < 00000570: 8b43 bd2f b73b e2fe eb5b 01e4 54d4 eb4c .C./.;...[..T..L
RAW-READ (9) | < 00000580: 87a7 873e 30f5 0cf6 6af9 0b2d fa77 88fe ...>0...j..-.w..
RAW-READ (9) | < 00000590: e579 d8d0 0de2 93d9 dd3d 0e00 0000 .y..-....=....
RAW-READ (9) | < }
} [3:15]
Jul 7 12:33:01 ATSTest[86174] <Notice>: CFNetwork Diagnostics [3:16] 12:33:01.823 {
ioLogger
logStruct: array [10] {
BEGIN SSL RECORD DECODE: READ
decodeHandshake [0] @ 0x7fec5a831235, version 303, length 3481 (0xd99)
ServerHello (2, 0x2), length 77 (0x4d)
decodeHandshake [1] @ 0x7fec5a831286, version 303, length 3481 (0xd99)
Certificate (11, 0xb), length 3187 (0xc73)
decodeHandshake [2] @ 0x7fec5a831efd, version 303, length 3481 (0xd99)
ServerKeyExchange (12, 0xc), length 201 (0xc9)
decodeHandshake [3] @ 0x7fec5a831fca, version 303, length 3481 (0xd99)
ServerHelloDone (14, 0xe), length 0 (0x0)
END SSL RECORD DECODE: READ
}
} [3:16]
Jul 7 12:33:01 ATSTest[86174] <Notice>: CFNetwork Diagnostics [3:17] 12:33:01.823 {
Peer certificate
Subject Sum: www.apple.com
Summary: Charles Proxy Custom Root Certificate (built on Karls-iMac.local, 24 Mar 2015)
} [3:17]
Jul 7 12:33:01 ATSTest[86174] <Notice>: CFNetwork Diagnostics [3:18] 12:33:01.828 {
Authentication Challenge
Loader: <CFURLRequest 0x7fec59c347e0 [0x102e65610]> {url = https://www.apple.com/, cs = 0x0}
Challenge: challenge space https://www.apple.com:443/, ServerTrustEvaluationRequested (Hash d4261e4bf1daaba6)
} [3:18]
Jul 7 12:33:01 ATSTest[86174] <Notice>: CFNetwork Diagnostics [3:19] 12:33:01.829 {
Use Credential
Loader: <CFURLRequest 0x7fec59c347e0 [0x102e65610]> {url = https://www.apple.com/, cs = 0x0}
Credential: null
} [3:19]
Jul 7 12:33:01 ATSTest[86174] <Notice>: CFNetwork Diagnostics [3:20] 12:33:01.829 {
touchConnection
Loader: <CFURLRequest 0x7fec59c347e0 [0x102e65610]> {url = https://www.apple.com/, cs = 0x0}
Timeout Interval: 60.000 seconds
} [3:20]
Jul 7 12:33:01 ATSTest[86174] <Notice>: CFNetwork Diagnostics [3:21] 12:33:01.829 {
HTTPNetConnection::prepareTransmission
streamInfo: 0x7fec5b329100
requestStream: 0x7fec5b328870
request: : <CFHTTPMessageRef 0x7fec59c362c0(0x7fec59c362d0)> { GET request, url https://www.apple.com/ }
} [3:21]
Jul 7 12:33:01 ATSTest[86174] <Notice>: CFNetwork Diagnostics [3:22] 12:33:01.830 {
Response Error
Request: <CFURLRequest 0x7fec5b0adcd0 [0x102e65610]> {url = https://www.apple.com/, cs = 0x0}
Error: Error Domain=kCFErrorDomainCFNetwork Code=-1200 "The operation couldn’t be completed. (kCFErrorDomainCFNetwork error -1200.)" UserInfo=0x7fec5b328f50 {_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9802, kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x7fec5b0b5f30>, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9802}
} [3:22]
Jul 7 12:33:01 ATSTest[86174] <Notice>: CFNetwork Diagnostics [3:23] 12:33:01.832 {
Did Fail
Loader: <CFURLRequest 0x7fec59c347e0 [0x102e65610]> {url = https://www.apple.com/, cs = 0x0}
Error: Error Domain=kCFErrorDomainCFNetwork Code=-1200 "The operation couldn’t be completed. (kCFErrorDomainCFNetwork error -1200.)" UserInfo=0x7fec5b328f50 {_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9802, kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x7fec5b0b5f30>, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9802}
init to origin load: 0.019642s
total time: 0.534796s
total bytes: 0
} [3:23]
Jul 7 12:33:01 ATSTest[86174] <Notice>: CFNetwork Diagnostics [3:24] 12:33:01.833 {
destroyReadStream: request GET https://www.apple.com/ HTTP/1.1
Request: <CFURLRequest 0x7fec5b0adcd0 [0x102e65610]> {url = https://www.apple.com/, cs = 0x0}
sent: <CFNumber 0xb000000000000003 [0x102e65610]>{value = +0, type = kCFNumberSInt64Type}
received: <CFNumber 0xb000000000000003 [0x102e65610]>{value = +0, type = kCFNumberSInt64Type}
cell sent: <CFNumber 0xb000000000000003 [0x102e65610]>{value = +0, type = kCFNumberSInt64Type}
cell received: <CFNumber 0xb000000000000003 [0x102e65610]>{value = +0, type = kCFNumberSInt64Type}
} [3:24]
Jul 7 12:33:01 ATSTest[86174] <Notice>: CFNetwork Diagnostics [3:25] 12:33:01.833 {
~HTTPProtocol: nullptr request
Request: null
sent: 0
received: 0
cell sent: 0
cell received: 0
} [3:25]
Jul 7 12:33:06 ATSTest[86174] <Notice>: CFNetwork Diagnostics [3:26] 12:33:06.319 {
DiskCookieStorage Sync Request
Forced: no
isDirty: no
isWriting: no
File: <CFURL 0x7fec5b328380 [0x102e65610]>{string = file:///Users/karlvr/Library/Developer/CoreSimulator/Devices/1B4FFFD7-0DF2-4BFA-9C2D-1AC40D349E3F/data/Containers/Data/Application/80EE3052-78F1-42B2-965E-3684E24685AB/Library/Cookies/com.cactuslab.ATSTest.binarycookies, encoding = 134217984, base = (null)}
Journal: yes
Mutations: 0
} [3:26]