search

AppsFlyerSDK / AppsFlyerFramework

AppsFlyer Apple SDK
https://support.appsflyer.com/hc/en-us/articles/207032066-AppsFlyer-SDK-Integration-iOS
Other
166 stars 89 forks source link

SSL certificate SecTrust failure is not propagated to `AppsFlyerTrackerDelegate` #123

Closed alvarhansen closed 1 year ago

alvarhansen commented 3 years ago

Report

SDK Version

5.4.1

What did you do?

I used Charles Proxy to proxy my iOS device network communication and enabled SSL proxying for t.appsflyer.com domain.

What did you expect to happen?

I expect one of AppsFlyerTrackerDelegate failure delegate methods to be called. Either - (void) onConversionDataRequestFailure:(NSError *)error; or - (void) onAppOpenAttributionFailure:(NSError *)error;

What happened instead?

None of the delegate methods are called.

Please provide any other relevant information.

From console logs I can see that pinned certificate check failed:

2020-08-27 14:10:20.915926+0300 AppName[2208:623199] Task <C02B1880-8084-4541-AE81-91DC0937BF3C>.<2> HTTP load failed, 0/0 bytes (error code: -1202 [3:-9813])
2020-08-27 14:10:20.916747+0300 AppName[2208:623199] [] tcp_output [C10.1:2] flags=[R.] seq=424524300, ack=417045404, win=1021 state=CLOSED rcv_nxt=417045404, snd_una=424524300
2020-08-27 14:10:20.919371+0300 AppName[2208:623201] Task <C02B1880-8084-4541-AE81-91DC0937BF3C>.<2> finished with error [-1202] Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “t.appsflyer.com” which could put your confidential information at risk." UserInfo={NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0x281ea4870>, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9813, NSErrorPeerCertificateChainKey=(
    "<cert(0x11a829c00) s: *.appsflyer.com i: Charles Proxy CA (7 Mar 2018, AlvarHaMBPr2017.lan)>",
    "<cert(0x11a82a600) s: Charles Proxy CA (7 Mar 2018, AlvarHaMBPr2017.lan) i: Charles Proxy CA (7 Mar 2018, AlvarHaMBPr2017.lan)>"
), NSUnderlyingError=0x2823f6430 {Error Domain=kCFErrorDomainCFNetwork Code=-1202 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x281ea4870>, _kCFNetworkCFStreamSSLErrorOriginalValue=-9813, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9813, kCFStreamPropertySSLPeerCertificates=(
    "<cert(0x11a829c00) s: *.appsflyer.com i: Charles Proxy CA (7 Mar 2018, AlvarHaMBPr2017.lan)>",
    "<cert(0x11a82a600) s: Charles Proxy CA (7 Mar 2018, AlvarHaMBPr2017.lan) i: Charles Proxy CA (7 Mar 2018, AlvarHaMBPr2017.lan)>"
)}}, NSLocalizedDescription=The certificate for this server is invalid. You might be connecting to a server that is pretending to be “t.appsflyer.com” which could put your confidential information at risk., NSErrorFailingURLKey=https://t.appsflyer.com/api/v4.9/iosevent?app_id=1229637820&buildnumber=4.8.9, NSErrorFailingURLStringKey=https://t.appsflyer.com/api/v4.9/iosevent?app_id=1229637820&buildnumber=4.8.9, NSErrorClientCertificateStateKey=0}
andr-ggn commented 3 years ago

Why did you decide that this endpoint relates to this delegate methods?

alvarhansen commented 3 years ago

Why did you decide that this endpoint relates to this delegate methods?

Through process of elimination. If I remove this interception, then the delegate is called. For us it is important to get some decision back from the SDK.

af-fess commented 1 year ago

This issue has been inactive for a while, and will now be closed due to inactivity. If you still believe this is a valid issue, please feel free to reopen it or create a new issue with updated information.

The problem might be in Charles usage.