Archived Forum Post

Question:

Problem with SSL socket connection using library for iOS 6

Sep 20 '12 at 09:02

I just downloaded the library for iOS 6 and now I cannot connect to an SSL socket (port 8443) anymore using exactly the same code as before:

CkoSocket *socket = [[[CkoSocket alloc] init] autorelease];

BOOL success;
success = [socket UnlockComponent: @"MY_KEY"];
if (success != YES) {
    return NO;
}

BOOL ssl;
ssl = YES;
int maxWaitMillisec;
maxWaitMillisec = 20000;

//  The SSL server hostname may be an IP address, a domain name,
//  or "localhost".
NSString *sslServerHost;
sslServerHost = [self getDefaultServerUrl];
int sslServerPort;
sslServerPort = 8443;

//  Connect to the SSL server:
success = [socket Connect: sslServerHost port: [NSNumber numberWithInt: sslServerPort] ssl: ssl maxWaitMs: [NSNumber numberWithInt: maxWaitMillisec]];
if (success != YES) {
    return NO;
}

The old library could connect so "success" had the value "YES". Using the new library, the value is "NO". Did I miss anything important in the release notes or could this be a bug?


Answer

Make sure to post the lastErrorText (retrieve it after a method call that fails). That will be the first thing Matt will ask when he is online.

http://www.chilkatsoft.com/refdoc/objcCkoSocketDoc.html#prop037


Answer

Thanks - could have thought of that by myself... :)

Here is the log:

ChilkatLog: 
  Connect_Socket:
    DllDate: Sep 13 2012
    UnlockPrefix: DIFHROSocket
    Username: iPhone-Christian:mobile
    Architecture: Little Endian; 32-bit
    Language: IOS Objective-C
    VerboseLogging: 0
    objectId: 1
    hostname: https://MyHost
    port: 8443
    ssl: 1
    maxWaitMs: 20000
    ConnectTimeoutMs_1: 20000
    calling ConnectSocket2
    IPV6 enabled connect with NO heartbeat.
    connectingTo: MyHost
    socketErrno: 0
    socketError: Undefined error: 0
    gethostbyname_arg: https://MyHost
    socketErrno: 0
    socketError: Undefined error: 0
    gethostbyname_arg: httpsMyHost
    GetHostByNameHB_ipv4: Elapsed time: 4 millisec
    Cannot get host by name..
    hostname: https://MyHost
    Failed.
  --Connect_Socket
--ChilkatLog

Please note that I replaced the real hostname in the log with "MyHost" due to personal reasons. If required, I can provide the real hostname in a private message. I tested this using 2 different hostnames and got the same result.

The problem happens on the device (mobile network 3G) as well as on the simulator (Wifi connection) when using the latest library.

Thanks for any hints...


Answer

I never used CkoSocket, but you could try to enter an IP address (just to check if it is the GetHostByName causing this issue).

Good luck.


Answer

Using the IP address results in the following log:

ChilkatLog:
  Connect_Socket:
    DllDate: Sep 13 2012
    UnlockPrefix: DIFHROSocket
    Username: iPhone-Christian:mobile
    Architecture: Little Endian; 32-bit
    Language: IOS Objective-C
    VerboseLogging: 0
    objectId: 1
    hostname: https://MyIP
    port: 8443
    ssl: 1
    maxWaitMs: 20000
    ConnectTimeoutMs_1: 20000
    calling ConnectSocket2
    IPV6 enabled connect with NO heartbeat.
    This is an IPV4 numeric address...
    AddrInfoList:
      AddrInfo:
        ai_flags: 0
        ai_family: 2
        ai_socktype: 1
        ai_protocol: 6
        ai_addrlen: 16
        ai_canonname: (NULL)
      --AddrInfo
    --AddrInfoList
    Connect using IPV4.
    ipAddress1: MyIP
    Info: Socket operation in progress..
    myIP_3: 10.76.45.181
    myPort_3: 52014
    connect successful (2)
    clientHelloMajorMinorVersion: 3.1
    buildClientHello:
      majorVersion: 3
      minorVersion: 1
      numRandomBytes: 32
      sessionIdSize: 0
      numCipherSuites: 10
      numCompressionMethods: 1
    --buildClientHello
    handshakeMessageType: ServerHello
    handshakeMessageLen: 0x46
    processHandshakeMessage:
      MessageType: ServerHello
      Processing ServerHello...
      ServerHello:
        MajorVersion: 3
        MinorVersion: 1
        SessionIdLen: 32
        CipherSuite: RSA_WITH_AES_128_CBC_SHA
        CipherSuite: 00,2f
        CompressionMethod: 0
        Queueing ServerHello message.
        ServerHello is OK.
      --ServerHello
    --processHandshakeMessage
    handshakeMessageType: Certificate
    handshakeMessageLen: 0x12df
    processHandshakeMessage:
      MessageType: Certificate
      ProcessCertificates:
        Certificate:
          derSize: 1484
          certSubjectCN: MyHost
          certSerial: 5275D610F5AF49316555E1D8B5406501
          certIssuerCN: VeriSign Class 3 Secure Server CA - G3
        --Certificate
        Certificate:
          derSize: 1520
          certSubjectCN: VeriSign Class 3 Secure Server CA - G3
          certSerial: 6ECC7AA5A7032009B8CEBCF4E952D491
          certIssuerCN: VeriSign Class 3 Public Primary Certification Authority - G5
        --Certificate
        Certificate:
          derSize: 1236
          certSubjectCN: VeriSign Class 3 Public Primary Certification Authority - G5
          certSerial: 250CE8E030612E9F2B89F7054D7CF8FD
          certIssuerCN: 
        --Certificate
        Certificate:
          derSize: 576
          certSubjectCN: 
          certSerial: 3C9131CB1FF6D01B0E9AB8D044BF12BE
          certIssuerCN: 
        --Certificate
        NumCertificates: 4
        Queueing Certificates message...
      --ProcessCertificates
    --processHandshakeMessage
    handshakeMessageType: ServerHelloDone
    handshakeMessageLen: 0x0
    processHandshakeMessage:
      MessageType: ServerHelloDone
      Queueing HelloDone message.
    --processHandshakeMessage
    HandshakeQueue:
      MessageType: ServerHello
      MessageType: Certificate
      MessageType: ServerHelloDone
    --HandshakeQueue
    Dequeued ServerHello message.
    Dequeued Certificate message.
    DequeuedMessageType: ServerHelloDone
    OK to ServerHelloDone!
    No client certificate required by the server.
    Encrypted pre-master secret with server certificate RSA public key is OK.
    Sending ClientKeyExchange...
    Sent ClientKeyExchange message.
    Sending ChangeCipherSpec...
    Sent ChangeCipherSpec message.
    Derived keys.
    Installed new outgoing security params.
    Sending FINISHED message..
    algorithm: aes
    keyLength: 128
    Sent FINISHED message..
    TlsAlert:
      level: fatal
      descrip: handshake failure
    --TlsAlert
    Failed to read incoming handshake messages. (3)
    Client handshake failed. (3)
    Failed.
  --Connect_Socket
--ChilkatLog

GetHostByName seems to be at least a part of the problem - now the handshake fails according to the log.


Answer

I will leave this to Matt, he should be online in one or two hours ;-)

Oh, please enclose those lastErrors with html <pre> and </pre> tags - a bit more readable.


Answer

Thanks Gert! I'll have a look to see if there's something wrong with the iOS 6 build.


Answer

The initial problem is that "https://MyHost" is not a hostname, it is a URL. The hostname should be either a domain name, or an IP address. It should not be a URL.

I tested the same on iOS6 but did not reproduce the problem. If you are able to provide the IP address, I'll be happy to try connecting to it.

PS> Also, there were numerous existing Chilkat customers all needing iOS6 builds, and I haven't received any problem reports from them...


Answer

Matt,

Are you just suggesting to Chris he should use MyHost instead of https://MyHost

(or 1.2.3.4 instead of https://1.2.3.4)?


Answer

Thank you for the clarification. I just retested it using the domain name instead of the complete URL (although this was working in the previous version of the library) and the result is:

ChilkatLog:
  Connect_Socket:
    DllDate: Sep 13 2012
    UnlockPrefix: DIFHROSocket
    Username: iPhone-Christian:mobile
    Architecture: Little Endian; 32-bit
    Language: IOS Objective-C
    VerboseLogging: 0
    objectId: 1
    hostname: MyHost
    port: 8443
    ssl: 1
    maxWaitMs: 20000
    ConnectTimeoutMs_1: 20000
    calling ConnectSocket2
    IPV6 enabled connect with NO heartbeat.
    connectingTo: MyHost
    GetHostByNameHB_ipv4: Elapsed time: 3 millisec
    Info: Socket operation in progress..
    myIP_1: 192.168.1.19
    myPort_1: 52608
    connect successful (1)
    clientHelloMajorMinorVersion: 3.1
    buildClientHello:
      majorVersion: 3
      minorVersion: 1
      numRandomBytes: 32
      sessionIdSize: 0
      numCipherSuites: 10
      numCompressionMethods: 1
    --buildClientHello
    handshakeMessageType: ServerHello
    handshakeMessageLen: 0x46
    processHandshakeMessage:
      MessageType: ServerHello
      Processing ServerHello...
      ServerHello:
        MajorVersion: 3
        MinorVersion: 1
        SessionIdLen: 32
        CipherSuite: RSA_WITH_AES_128_CBC_SHA
        CipherSuite: 00,2f
        CompressionMethod: 0
        Queueing ServerHello message.
        ServerHello is OK.
      --ServerHello
    --processHandshakeMessage
    handshakeMessageType: Certificate
    handshakeMessageLen: 0x12df
    processHandshakeMessage:
      MessageType: Certificate
      ProcessCertificates:
        Certificate:
          derSize: 1484
          certSubjectCN: MyHost
          certSerial: 5275D610F5AF49316555E1D8B5406501
          certIssuerCN: VeriSign Class 3 Secure Server CA - G3
        --Certificate
        Certificate:
          derSize: 1520
          certSubjectCN: VeriSign Class 3 Secure Server CA - G3
          certSerial: 6ECC7AA5A7032009B8CEBCF4E952D491
          certIssuerCN: VeriSign Class 3 Public Primary Certification Authority - G5
        --Certificate
        Certificate:
          derSize: 1236
          certSubjectCN: VeriSign Class 3 Public Primary Certification Authority - G5
          certSerial: 250CE8E030612E9F2B89F7054D7CF8FD
          certIssuerCN: 
        --Certificate
        Certificate:
          derSize: 576
          certSubjectCN: 
          certSerial: 3C9131CB1FF6D01B0E9AB8D044BF12BE
          certIssuerCN: 
        --Certificate
        NumCertificates: 4
        Queueing Certificates message...
      --ProcessCertificates
    --processHandshakeMessage
    handshakeMessageType: ServerHelloDone
    handshakeMessageLen: 0x0
    processHandshakeMessage:
      MessageType: ServerHelloDone
      Queueing HelloDone message.
    --processHandshakeMessage
    HandshakeQueue:
      MessageType: ServerHello
      MessageType: Certificate
      MessageType: ServerHelloDone
    --HandshakeQueue
    Dequeued ServerHello message.
    Dequeued Certificate message.
    DequeuedMessageType: ServerHelloDone
    OK to ServerHelloDone!
    No client certificate required by the server.
    Encrypted pre-master secret with server certificate RSA public key is OK.
    Sending ClientKeyExchange...
    Sent ClientKeyExchange message.
    Sending ChangeCipherSpec...
    Sent ChangeCipherSpec message.
    Derived keys.
    Installed new outgoing security params.
    Sending FINISHED message..
    algorithm: aes
    keyLength: 128
    Sent FINISHED message..
    TlsAlert:
      level: fatal
      descrip: handshake failure
    --TlsAlert
    Failed to read incoming handshake messages. (3)
    Client handshake failed. (3)
    Failed.
  --Connect_Socket
--ChilkatLog
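
A way to read the lastErrorText logs above mechanically, as an added example that is not part of the original thread or of Chilkat's code: it reports the stage at which the connect failed, so the name-resolution failure caused by passing a URL as the hostname is told apart from the later fatal TLS alert. The function name `triage` and its result keys are assumptions; the two sample logs are abridged from the ones posted here.

```python
import re

# Abridged copies of two lastErrorText logs from this thread ("MyHost" is the poster's placeholder).
DNS_LOG = """ChilkatLog:
  Connect_Socket:
    hostname: https://MyHost
    Cannot get host by name..
    Failed.
  --Connect_Socket
--ChilkatLog"""

TLS_LOG = """ChilkatLog:
  Connect_Socket:
    hostname: MyHost
    connect successful (1)
    ServerHello:
      CipherSuite: RSA_WITH_AES_128_CBC_SHA
      CipherSuite: 00,2f
    --ServerHello
    Sent FINISHED message..
    TlsAlert:
      level: fatal
      descrip: handshake failure
    --TlsAlert
    Failed.
  --Connect_Socket
--ChilkatLog"""

def triage(log_text):
    """Return the stage at which a Connect attempt failed, plus the evidence for it."""
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    host = next((l.split(": ", 1)[1] for l in lines if l.startswith("hostname: ")), "")
    names = re.findall(r"CipherSuite: ([A-Z][A-Z0-9_]+)", log_text)  # skips the hex form "00,2f"
    r = {"hostname": host, "hostname_is_url": "://" in host, "stage": "ok",
         "cipher": names[-1] if names else None, "alert": None, "last_sent": None}
    if "TlsAlert:" in lines:  # section runs from "TlsAlert:" to "--TlsAlert"
        start = lines.index("TlsAlert:")
        end = lines.index("--TlsAlert", start)
        r["alert"] = dict(l.split(": ", 1) for l in lines[start + 1:end])
        r["last_sent"] = next((l for l in reversed(lines[:start]) if l.startswith("Sent ")), None)
    if "Failed." not in lines:
        return r
    if any(l.startswith("Cannot get host by name") for l in lines):
        r["stage"] = "dns"
    elif not any(l.startswith("connect successful") for l in lines):
        r["stage"] = "tcp"
    else:
        r["stage"] = "tls" if r["alert"] else "unknown"
    return r
```
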

Answer

This new build may solve the problem:

http://www.chilkatsoft.com/preRelease/Chilkat-9.3.2-IOS-6.0.zip

There have been numerous issues reported by many Chilkat customers having to do with the new iOS 6 device builds (the simulator build is reported to work in all cases).

The solution was to build the Chilkat libs with a lower compiler optimization setting. There must be some invalid optimized code produced by the llvm-gcc-4.2 for the armv7 and armv7s devices. The optimization has been changed from "-Os" to "-O1". This has solved the problems of all customers that have so far tested the new build.