Problem with StartSSL Certificates and Url

[oksiquatzel]

Hi,

i'm developing an app for iOS using Livecode 7.1.3 with xcode 7.2.1 on MacOS 10.11.
In Standalone settings the "disable ATS" box is UNCHECKED and
search for required inclusions is checked

It seems that there is a problem with certificates issued from startssl.
I created a simple button with this little testcode which i've tested in different iOS simulator versions

Code: Select all

on mouseUp
  #   libURLSetSSLVerification true
   libURLSetSSLVerification false
    
   # remove square brackets in the url. I don't have the permission to post urls
   put URL("https://www[.]startssl[.]com/") into socode
   answer socode
end mouseUp

the answer gives me no sourcecode, regardless of libURLSetSSLVerification.
The Systems Logs of the Simulator gives me the Error

NSURLSession/NSURLConnection HTTP load failed

When i try other ssl urls like google e.g. i get the source code.

When i check the "disable ATS" box i get an answer from startssl.

When i open the startssl in the Safari browser within the simulator the site works well

I don't know if this is a livecode problem or a xcode problem.

Best Regards

Oksi

[quailcreek]

Could this be the problem?

http://quality.livecode.com/show_bug.cgi?id=17150

[oksiquatzel]

Hello,

i've seen this BUG earlier but i think it does not belong to my problem.
I'm connecting to a webserver.
In Livecode and Simulator i don't get any error message display and in Simulator System.log it says "HTTP Load Failed"

The Problem exists regardless if the encryption checkbox is checked or not.

Best Regards

Oksi

[jacque]

I looked up the error and apparently it isn't just startssl -- other web sites can be affected too. It depends on the server configuration. There's some info here: http://stackoverflow.com/questions/3073 ... d-on-ios-9 and a lot of other hits if you google the error string.

For LC, turning off ATS is the easiest answer, though it makes connections less secure and isn't recommended. Another option is to add exceptions to the app's plist, but I'm not sure how you'd know what all the exceptions should be if the app allows free browsing anywhere.

[oksiquatzel]

Hello,

after reading the detailed requirements for Apple ATS and comparing
with my server SSL Settings and Zertifikatte, i found the needed Configuration.
For me it was the missing minimum sha2 Signature at the Certifikate and the missing PFS (Perfect Forward Secrecy) support.

Now all is working even with enabled ATS.

(For me it was strange to see that even the Website of my Certifiakte Issuer (startssl) isn't ATS compatible)

Thanks for the Help

Best Regards

Oksi