Changed SSL Pinning Error to be NSURLErrorServerCertificateUntrusted
#3191
Conversation
When the server trust is invalid, using `NSURLSessionAuthChallengeCancelAuthenticationChallenge` terminates the task with an error from `NSURLErrorDomain` with code `NSURLErrorCancelled` (-999) which is indistinguishable from the error you get when calling the `cancel` method on a `NSURLSessionTask`.
Using `NSURLSessionAuthChallengeRejectProtectionSpace` instead produces a much better error:
Error Domain: NSURLErrorDomain
Code: NSURLErrorServerCertificateUntrusted (-1202)
NSLocalizedDescription: "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “httpbin.org” which could put your confidential information at risk."
Fixes #3165
Trying to figure out why the `testInvalidServerTrustProducesCorrectError` test passes on iOS 9 and tvOS but fails on iOS 8 and OS X here: https://travis-ci.org/AFNetworking/AFNetworking/builds/92142622
Changed SSL Pinning Error to be `NSURLErrorServerCertificateUntrusted`
🍻 |
Excellent, thanks for fixing it. Now there’s one problem remaining: the same code in the OS X Demo app returns Maybe we should just assert |
Added the |
👍 |
I just ran the code in the OS X demo app, and got
|
Here is what I get with my pinning-error-in-demo-app branch:
Running OS X 10.11.1 (15B42). Can you try to run this branch and see if you get the -1200 or -1202 error? |
OOOOOKKKKK... If I add App Transport Security (Allow Arbitrary Loads) settings to the Mac Example, I get -1202. Without it, I get -1200. |
Of course, -1200 means an ATS issue, I should have known better! Thanks for clearing that up. |
Cleaned up @0xced's work in #3169 and got the test to pass.