
Problem with StartSSL Certificates and Url

Posted: Tue Mar 29, 2016 7:48 pm
by oksiquatzel
Hi,

I'm developing an app for iOS using LiveCode 7.1.3 with Xcode 7.2.1 on MacOS 10.11.
In Standalone settings the "disable ATS" box is UNCHECKED and
"search for required inclusions" is checked.

It seems that there is a problem with certificates issued by StartSSL.
I created a simple button with this little test code, which I've tested in different iOS simulator versions:

Code:

on mouseUp
  #   libURLSetSSLVerification true
   libURLSetSSLVerification false
    
   # remove square brackets in the url. I don't have the permission to post urls
   put URL("https://www[.]startssl[.]com/") into socode
   answer socode
end mouseUp


The answer gives me no source code, regardless of libURLSetSSLVerification.
The system logs of the Simulator give me the error
NSURLSession/NSURLConnection HTTP load failed
When I try other SSL URLs, like Google for example, I get the source code.

When I check the "disable ATS" box I get an answer from StartSSL.

When I open the StartSSL site in the Safari browser within the simulator, the site works well.

I don't know if this is a LiveCode problem or an Xcode problem.

Best Regards

Oksi

Re: Problem with StartSSL Certificates and Url

Posted: Fri Apr 01, 2016 4:40 pm
by quailcreek

Re: Problem with StartSSL Certificates and Url

Posted: Fri Apr 01, 2016 6:12 pm
by oksiquatzel
Hello,

I've seen this bug earlier, but I think it does not belong to my problem.
I'm connecting to a webserver.
In LiveCode and the Simulator I don't get any error message displayed, and in the Simulator System.log it says "HTTP Load Failed".

The problem exists regardless of whether the encryption checkbox is checked or not.

Best Regards

Oksi

Re: Problem with StartSSL Certificates and Url

Posted: Sat Apr 02, 2016 8:45 pm
by jacque
I looked up the error and apparently it isn't just startssl -- other web sites can be affected too. It depends on the server configuration. There's some info here: http://stackoverflow.com/questions/3073 ... d-on-ios-9 and a lot of other hits if you google the error string.

For LC, turning off ATS is the easiest answer, though it makes connections less secure and isn't recommended. Another option is to add exceptions to the app's plist, but I'm not sure how you'd know what all the exceptions should be if the app allows free browsing anywhere.

Re: Problem with StartSSL Certificates and Url

Posted: Tue Apr 05, 2016 5:06 pm
by oksiquatzel
Hello,

After reading the detailed requirements for Apple ATS and comparing them
with my server SSL settings and certificates, I found the needed configuration.
For me it was the missing minimum SHA-2 signature on the certificate and the missing PFS (Perfect Forward Secrecy) support.

Now all is working even with enabled ATS.

(For me it was strange to see that even the website of my certificate issuer (StartSSL) isn't ATS compatible.)

Thanks for the help

Best Regards

Oksi
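
The server-side fix described in the last post, written out as a checklist. This is an added example, not part of the original thread: it compares observed TLS parameters with the default ATS requirements (TLS 1.2, ECDHE key exchange, SHA-2 certificate signature, RSA 2048 / EC 256 key). The function name, host names and sample values are constructed for illustration.

```python
import re

# Default ATS requirements (iOS 9): TLS 1.2 or later, an ECDHE key exchange,
# a certificate signed with SHA-256 or better on an RSA >= 2048 / EC >= 256 key.
REMEDY = {
    "tls_version": "enable TLS 1.2 on the server",
    "forward_secrecy": "offer ECDHE cipher suites on the server",
    "cert_hash": "reissue the certificate with a SHA-2 signature",
    "cert_key": "reissue with an RSA >= 2048-bit or EC >= 256-bit key",
}
MIN_KEY_BITS = {"RSA": 2048, "EC": 256}
SHA2 = {"sha256", "sha384", "sha512"}


def ats_gaps(obs):
    """Return the ATS requirements that one observed endpoint fails."""
    m = re.fullmatch(r"TLSv(\d+)(?:\.(\d+))?", obs["tls_version"])
    # Anything that is not TLS (for example SSLv3) counts as below 1.2.
    version = (int(m.group(1)), int(m.group(2) or 0)) if m else (0, 0)
    gaps = []
    if version < (1, 2):
        gaps.append("tls_version")
    # TLS 1.3 suites are always ephemeral; older suites must name ECDHE.
    # ATS also limits the suite to AES; only the key exchange is checked here.
    if version < (1, 3) and not obs["cipher"].upper().startswith("ECDHE-"):
        gaps.append("forward_secrecy")
    if obs["cert_sig_hash"].lower() not in SHA2:
        gaps.append("cert_hash")
    # Unknown key types fail closed.
    if obs["key_bits"] < MIN_KEY_BITS.get(obs["key_type"], float("inf")):
        gaps.append("cert_key")
    return gaps


# Constructed observations for hypothetical hosts, ciphers in OpenSSL notation.
# "before.example" models the two gaps named in the last post.
SAMPLES = {
    "before.example": {"tls_version": "TLSv1.2", "cipher": "AES256-SHA",
                       "cert_sig_hash": "sha1", "key_type": "RSA", "key_bits": 2048},
    "after.example": {"tls_version": "TLSv1.2", "cipher": "ECDHE-RSA-AES128-GCM-SHA256",
                      "cert_sig_hash": "sha256", "key_type": "RSA", "key_bits": 2048},
}

if __name__ == "__main__":
    for host, obs in SAMPLES.items():
        gaps = ats_gaps(obs)
        print(host, "ATS-compatible" if not gaps else "fails ATS:")
        for gap in gaps:
            print("  -", gap, "->", REMEDY[gap])
```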