TLS handshake error on iPhone device about ziti-sdk-swift HOT 13 CLOSED

openziti commented on June 3, 2024

TLS handshake error on iPhone device

from ziti-sdk-swift.

Comments (13)

Hin-D commented on June 3, 2024

How to modify to disable certificate verification during a request?

from ziti-sdk-swift.

smilindave26 commented on June 3, 2024

The simulator is running smoothly. But I run it on iPhone and take this error Error Domain=ZitiError Code=-53 "unexpected error"

On TLS handshake error getting a negative response code (-53)

Please help

Can you send more info from the logs? You can access them via "Send Feedback", which will create an email with the logs attached. If you send the logs to help at openziti.org we'll see them.

from ziti-sdk-swift.

smilindave26 commented on June 3, 2024

Certificates are required to establish the endpoint identity

from ziti-sdk-swift.

Hin-D commented on June 3, 2024

iPhone device log


[2023-06-12T02:20:18:434Z]    INFO CZiti:ZitiUrlManager.swift:134 host() *-*-*-*-* https://www.xxxxx intercepting none)
[2023-06-12T02:20:18:436Z]    INFO CZiti:ZitiUrlProtocol.swift:212 canInit() *-*-*-*-* is intercepting https://www.xxxxx
[2023-06-12T02:20:18:439Z]   DEBUG CZiti:ZitiUrlProtocol.swift:186 init() init <CZiti.ZitiUrlProtocol: 0x282598040>, Thread: Optional("com.apple.CFNetwork.CustomProtocols")
(82986)[2023-06-12T02:20:18.440Z]   DEBUG ziti-sdk:posture.c:211 ziti_send_posture_data() ztx[0] posture checks must_send set to TRUE, new_session_id[FALSE], must_send_every_time[TRUE], new_controller_instance[FALSE]
(82986)[2023-06-12T02:20:18.440Z]   DEBUG ziti-sdk:connect.c:531 process_connect() conn[0.1/Connecting] starting Dial connection for service[6|service|bgzs_bgzs] with session[clis87s084vwf17cncjad6wg2]
(82986)[2023-06-12T02:20:18.440Z]   DEBUG ziti-sdk:connect.c:414 ziti_connect() conn[0.1/Connecting] selected ch[ziti-edge-rt1@tls://r1.hn.rt.echa.xxx:6443] for best latency(10 ms)
(82986)[2023-06-12T02:20:18.440Z]   DEBUG ziti-sdk:connect.c:301 on_channel_connected() conn[0.1/Connecting] selected ch[ziti-edge-rt1@tls://r1.hn.rt.echa.xxx:6443] status[0]
(82986)[2023-06-12T02:20:18.440Z]   DEBUG ziti-sdk:channel.c:214 ziti_channel_add_receiver() ch[4] added receiver[1]
[2023-06-12T02:20:18:500Z]   ERROR CZiti:ZitiUrlProtocol.swift:310 ZitiUrlProtocol() -53 str
(82986)[2023-06-12T02:20:18.500Z]   DEBUG ziti-sdk:channel.c:221 ziti_channel_rem_receiver() ch[4] removed receiver[1]
(82986)[2023-06-12T02:20:18.500Z]   DEBUG ziti-sdk:connect.c:169 close_conn_internal() conn[0.1/Closed] removing
(82986)[2023-06-12T02:20:18.500Z]   DEBUG ziti-sdk:ziti.c:1597 grim_reaper() ztx[0] reaped 1 closed (out of 1 total) connections
2023-06-12 10:20:18.501126+0800 YCSDK_Example[82986:15835561] Task <361C30F4-7E29-47F7-A601-96492114C372>.<1> finished with error [-53] Error Domain=ZitiError Code=-53 "unexpected error" UserInfo={_NSURLErrorRelatedURLSessionTaskErrorKey=(
    "LocalDataTask <361C30F4-7E29-47F7-A601-96492114C372>.<1>"
), NSLocalizedDescription=unexpected error, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <361C30F4-7E29-47F7-A601-96492114C372>.<1>}
2023-06-12 10:20:18.501630+0800 YCSDK_Example[82986:15834981] error = Error Domain=ZitiError Code=-53 "unexpected error" UserInfo={_NSURLErrorRelatedURLSessionTaskErrorKey=(
    "LocalDataTask <361C30F4-7E29-47F7-A601-96492114C372>.<1>"
), NSLocalizedDescription=unexpected error, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <361C30F4-7E29-47F7-A601-96492114C372>.<1>}

from ziti-sdk-swift.

Hin-D commented on June 3, 2024

iPhone simulator log

[2023-06-12T02:20:55:432Z]    INFO CZiti:ZitiUrlManager.swift:134 host() *-*-*-*-* https://www.xxxxx intercepting none)
[2023-06-12T02:20:55:433Z]    INFO CZiti:ZitiUrlProtocol.swift:212 canInit() *-*-*-*-* is intercepting https://www.xxxxx
[2023-06-12T02:20:55:434Z]   DEBUG CZiti:ZitiUrlProtocol.swift:186 init() init <CZiti.ZitiUrlProtocol: 0x600000bc0380>, Thread: Optional("com.apple.CFNetwork.CustomProtocols")
(66849)[2023-06-12T02:20:55.434Z]   DEBUG ziti-sdk:posture.c:211 ziti_send_posture_data() ztx[0] posture checks must_send set to TRUE, new_session_id[FALSE], must_send_every_time[TRUE], new_controller_instance[FALSE]
(66849)[2023-06-12T02:20:55.434Z]   DEBUG ziti-sdk:connect.c:521 process_connect() conn[0.0/Connecting] requesting 'Dial' session for service[6|service|bgzs_bgzs]
(66849)[2023-06-12T02:20:55.508Z]   DEBUG ziti-sdk:ziti_ctrl.c:326 ctrl_body_cb() ctrl[c1.ctrl.echa.xxx] completed POST[/sessions] in 0.074 s
(66849)[2023-06-12T02:20:55.508Z]   DEBUG ziti-sdk:connect.c:483 connect_get_net_session_cb() conn[0.0/Connecting] got session[clis89dr24vyu17cngpjwdjez] for service[6|service|bgzs_bgzs]
(66849)[2023-06-12T02:20:55.508Z]   DEBUG ziti-sdk:posture.c:211 ziti_send_posture_data() ztx[0] posture checks must_send set to TRUE, new_session_id[FALSE], must_send_every_time[TRUE], new_controller_instance[FALSE]
(66849)[2023-06-12T02:20:55.508Z]   DEBUG ziti-sdk:connect.c:531 process_connect() conn[0.0/Connecting] starting Dial connection for service[6|service|bgzs_bgzs] with session[clis89dr24vyu17cngpjwdjez]
(66849)[2023-06-12T02:20:55.508Z]   DEBUG ziti-sdk:connect.c:414 ziti_connect() conn[0.0/Connecting] selected ch[ziti-edge-rt2@tls://r2.hn.rt.echa.xxx:6443] for best latency(7 ms)
(66849)[2023-06-12T02:20:55.508Z]   DEBUG ziti-sdk:connect.c:301 on_channel_connected() conn[0.0/Connecting] selected ch[ziti-edge-rt2@tls://r2.hn.rt.echa.xxx:6443] status[0]
(66849)[2023-06-12T02:20:55.508Z]   DEBUG ziti-sdk:channel.c:214 ziti_channel_add_receiver() ch[1] added receiver[0]
[2023-06-12T02:20:55:644Z]   DEBUG CZiti:ZitiUrlProtocol.swift:190 deinit() deinit <CZiti.ZitiUrlProtocol: 0x600000bc0380>, Thread: Optional("ziti_uv_loop_private")
2023-06-12 10:20:55.644877+0800 YCSDK_Example[66849:15203009] responseObject = {length = 65, bytes = 0x7b227265 73756c74 436f6465 223a2230 ... 73223a74 7275657d }

from ziti-sdk-swift.

Hin-D commented on June 3, 2024

@smilindave26 Could you please show me where the modification is needed?

from ziti-sdk-swift.

smilindave26 commented on June 3, 2024

A couple of things:

log messages from the CSDK (e.g., process_connect() show different line numbers when run on the device versus in the simulator. This suggests you are running different versions of software in the two logs
There should log messages when you start up indicating the version of the CSDK being used
I don't recognize ZitiUrlManager.swift. Is that a file you added?

Can you tell me more about how you built the project and the application you are developing/running?

from ziti-sdk-swift.

Hin-D commented on June 3, 2024

Is this issue got resolved ? I am also facing this same error.

The issue has been resolved. I found the default CA certificate on MacOS, placed it in the project, and used this certificate in the default_tls_context parameter.

from ziti-sdk-swift.

febinAirindia commented on June 3, 2024

That great, Can you share the sample code to use the certificate in default_tls_context parameter.

from ziti-sdk-swift.

smilindave26 commented on June 3, 2024

@febinAirindia the CA bundle should be loaded automatically when you initialize Ziti. Are you using https://openziti.io/ziti-sdk-swift/Classes/Ziti.html#/c:@M@CZiti@objc(cs)Ziti(im)init::name:caPool: ? You can also load from a file via https://openziti.io/ziti-sdk-swift/Classes/Ziti.html#/c:@M@CZiti@objc(cs)Ziti(im)initFromFile:

from ziti-sdk-swift.

febinAirindia commented on June 3, 2024

Yes I am using Ziti from saved json file.
func runZiti(completion: @escaping (Bool, Error?)->()) { ziti = Ziti(fromFile: outFile) if let ziti = ziti { ziti.runAsync { zErr in guard zErr == nil else { print("Unable to run Ziti: \(String(describing: zErr!))") completion(false, AIError.customError(msg: "Unable to run Ziti: \(String(describing: zErr!))")) return } ZitiLog.setLogLevel(.NONE) ZitiUrlProtocol.register(ziti) DispatchQueue.main.asyncAfter(deadline: .now() + 1) { completion(true, nil) } } } else { /// handle if no ziti outfile found debugPrint("No ziti outfile found") completion(false, AIError.customError(msg: "No ziti outfile found")) } }

from ziti-sdk-swift.

smilindave26 commented on June 3, 2024

zid file was created from the callback of a successful Ziti.enroll()? Inspecting the file, you should see a czid.ca entry in the JSON. Does it look correctly populated with series of PEM certs?

from ziti-sdk-swift.

surennaidu commented on June 3, 2024

The issue is fixed in the swift SDK release 0.30.21 - https://github.com/openziti/ziti-sdk-swift/releases/tag/0.30.21 . The problem was access to CA bundle on iOS

@Hin-D - if you have an active project that requires to secure mobile apps, we would be happy to assist.

from ziti-sdk-swift.

TLS handshake error on iPhone device about ziti-sdk-swift HOT 13 CLOSED

Comments (13)

Related Issues (17)

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent