Apple doesn't recognize imgur's HTTPS

3
votes

I have multiple links from imgur with HTTPS (e.g https://i.imgur.com/DMKPbRe.jpg). I'm using this as one of my background for my protoype app, but whenever I run it on my iPhone 7 physical device, the app crushes with error code 1200. Actual error is below:

2019-01-22 19:36:54.402391+0800 App[00000:0000000] Task <00000000000000000000>.<2> load failed with error Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={NSErrorFailingURLStringKey=https://i.imgur.com/DMKPbRe.jpg, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <00000000000000000>.<2>, _NSURLErrorRelatedURLSessionTaskErrorKey=(
"LocalDataTask <0000000000000>.<2>"), NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https://i.imgur.com/DMKPbRe.jpg, NSUnderlyingError=0x2824d4150 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9816, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9816}}, _kCFStreamErrorCodeKey=-9816} [-1200]

Code used to retrieve url:

let imgURL = URL(string: "https://i.imgur.com/DMKPbRe.jpg")
    let imgImageView = UIImageView()
    imgImageView.kf.setImage(with: imgURL) { (img, err, cacheType, url) in
        if img == nil {
           // TODO: add placeholder image when url didn't loaded
        }
        let imgTexture = SKTexture(image: img!)
        self.img = SKSpriteNode(texture: imgTexture)
    }

I don't want to turn off App Transport Security as I don't want to possibly mess up Apple's security for apps developed in Xcode

1
iosswiftxcode
Please show the code you use to fetch the image.JeremyP
@JeremyP I used Kingfisher library to retrieve the image. It has nothing to do with Kingfisher as I tried retrieving Google's logo with Google URL and it worked.Akio
Have you tried the ATS diagnostics with nscurl? I think you can run it in Terminal.app with the command: nscurl --ats-diagnostics https://i.imgur.com/DMKPbRe.jpgMats
@Mats, it looks like imgur doesn't support TLSv1.3.user28434'mstep
@Akio What I meant was show us whatever code it was that you wrote to get the URL. It would really help other people reproduce the problem so it can be diagnosed.JeremyP

1 Answers

2
votes

I found a similar problem with another server, and following the advice/comment of @Mats I found with nscurl that the server does not support TLS 1.3 and with trial and error that NSExceptionRequiresForwardSecrecy is not supported, too. Therefore, I added the following to my project Info.plist:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>rovicorp.com</key>
        <dict>
            <!-- Allow subdomains -->
            <key>NSIncludesSubdomains</key>
            <true/>
            <!-- Exclude HTTP requests -->
            <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
            <false/>
            <!-- Disable some extra cypher suites -->
            <key>NSExceptionRequiresForwardSecrecy</key>
            <false/>
            <!-- Specify minimum TLS version -->
            <key>NSTemporaryExceptionMinimumTLSVersion</key>
            <string>TLSv1.2</string>
        </dict>
    </dict>
</dict>

Pay special attention to <key>rovicorp.com</key> where is defined the domain affected by these settings, which will not be applied to any other domains.

The NSTemporaryExceptionAllowsInsecureHTTPLoads can be removed, I just added it for completion, just in case that someone wants to use HTTP requests.

I hope this helps you,

Xavi