facebook / facebook-ios-sdk

Used to integrate the Facebook Platform with your iOS & tvOS apps.
https://developers.facebook.com/docs/ios

"untrusted server certificate" with the Oauth URL https://www.facebook.com/dialog/oauth #139

Closed sphilipakis closed 13 years ago

sphilipakis commented 13 years ago

LoginDialog is failing with error Webkit error : Error Domain=NSURLErrorDomain Code=-1202 UserInfo=0xd10bf00 "untrusted server certificate" (note: same failure with https://graph.facebook.com)

The problem has been coming and going for the last 24h from several ISPs, devices and locations in California. Right now it always fails with the error.

sphilipakis commented 13 years ago

A better error log (from iOS 4.2):

```
Webkit error : Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “www.facebook.com” which could put your confidential information at risk." UserInfo=0xb33afa0 {NSErrorFailingURLStringKey=https://www.facebook.com/dialog/oauth?type=user_agent&display=touch&redirect_uri=fbconnect%3A%2F%2Fsuccess&sdk=2&scope=read_stream%2Cfriends_birthday%2Cuser_birthday%2Coffline_access%2Cuser_photos%2Cfriends_photos%2Cpublish_stream%2Cshare_item&client_id=146563558702544, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSErrorFailingURLKey=https://www.facebook.com/dialog/oauth?type=user_agent&display=touch&redirect_uri=fbconnect%3A%2F%2Fsuccess&sdk=2&scope=read_stream%2Cfriends_birthday%2Cuser_birthday%2Coffline_access%2Cuser_photos%2Cfriends_photos%2Cpublish_stream%2Cshare_item&client_id=146563558702544, NSLocalizedDescription=The certificate for this server is invalid. You might be connecting to a server that is pretending to be “www.facebook.com” which could put your confidential information at risk., NSUnderlyingError=0xb33aff0 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “www.facebook.com” which could put your confidential information at risk.", NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0x6274ef0>}
```

farnell commented 13 years ago

I'm getting the same problem in CA. If I set the date on the phone to a day before it works, so it could be a problem with the server time on their https servers???

duckeatapple commented 13 years ago

I am getting the same error saying "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “www.facebook.com” which could put your confidential information at risk." too. I am trying to get one-time sign in to work. : (

sphilipakis commented 13 years ago

Not a fix nor a workaround, but for those who need to get past this blocking SSL error in dev mode, you can define this category (just for dev, not for the App Store!):

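```objc
// Development-only: overrides a private NSURLRequest class method so that
// every HTTPS certificate is accepted for every host.
@interface NSURLRequest(anyssl)
+ (BOOL)allowsAnyHTTPSCertificateForHost:(NSString *)host;
@end

@implementation NSURLRequest(anyssl)
+ (BOOL)allowsAnyHTTPSCertificateForHost:(NSString *)host {
    return YES; // no certificate check is performed
}
@end
```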

Saved me many hours :)
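A launch-time guard against shipping the category above, added here as an example; it is not part of the original comment or of the SDK. It checks whether the implementation of `allowsAnyHTTPSCertificateForHost:` lives in the same binary image as the check itself. The function names are hypothetical, and it assumes the check is linked into the app executable and that `DEBUG` is defined only in debug configurations.

```objc
#import <Foundation/Foundation.h>
#import <objc/runtime.h>
#import <dlfcn.h>
#include <stdlib.h>

// YES when +[NSURLRequest allowsAnyHTTPSCertificateForHost:] is implemented
// by the image that contains this function, i.e. the app carries the
// trust-everything override rather than the system's own implementation.
static BOOL AppShipsTrustAllOverride(void) {
    // Built from a string so this file never declares the private selector.
    SEL sel = NSSelectorFromString(@"allowsAnyHTTPSCertificateForHost:");
    Method method = class_getClassMethod([NSURLRequest class], sel);
    if (method == NULL) {
        return NO; // nothing responds to the selector at all
    }

    Dl_info impInfo;
    Dl_info selfInfo;
    // Resolve which loaded image holds the method body and which holds us.
    if (dladdr((const void *)method_getImplementation(method), &impInfo) == 0 ||
        dladdr((const void *)&AppShipsTrustAllOverride, &selfInfo) == 0) {
        return NO; // could not attribute the addresses; make no claim
    }
    // Same image base address means the override was compiled into the app.
    return impInfo.dli_fbase == selfInfo.dli_fbase;
}

// Call first thing at launch. In non-debug builds the app refuses to run
// with certificate validation disabled.
static void AbortIfTrustAllOverrideShipped(void) {
#if !DEBUG
    if (AppShipsTrustAllOverride()) {
        NSLog(@"Release build contains an NSURLRequest certificate override");
        abort();
    }
#endif
}
```

Wrapping the category itself in `#if DEBUG` keeps it out of release builds in the first place; the runtime check catches a copy that slipped in through another source file or a static library.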

fightingmonk commented 13 years ago

Seeing the same error on an iOS 3.1.3 device from Oregon, no proxies.

Works fine if I use the non-SSL URLs. ;)

farnell commented 13 years ago

I'm seeing it on iOS 4.1 (on iPhone 4) as well.

sphilipakis commented 13 years ago

Ok .. apparently Facebook did not use a CA compatible with iOS devices to register the www.facebook.com SSL certificate :( ... can anyone help?

mocy commented 13 years ago

Opening https://www.facebook.com on Safari mobile shows the problem: "Cannot Verify Server Identity"

This might be helpful too, to diagnose the problem: https://www.networking4all.com/en/support/tools/site+check/report/?fqdn=www.facebook.com&protocol=https

Also found this discussion, which explains the configuration needed to make DigiCert certificates work with iOS: http://forums.novell.com/novell-product-support-forums/data-synchronizer/ds-mobility-pack/406860-digicert-certs-not-trusted.html

Hope this helps!

lshepard commented 13 years ago

Thanks all, we're investigating.

lshepard commented 13 years ago

We rolled out a new cert today, which didn't validate in all contexts. We just rolled out an updated cert and everything should work now. Thanks for the reports and helpful debugging info!

mocy commented 13 years ago

Awesome news! Thanks Luke for working late on this!

sphilipakis commented 13 years ago

Working now for me and @mocy. Thanks guys!

duckeatapple commented 13 years ago

It's still not working for me. Now the certificate error is gone, but it shows "An error occurred. Please try again later." on both Facebook app and Safari page. :'(

farnell commented 13 years ago

FaridW, duckeatapple, check that the time on the device is correct. I was testing using an old itouch where the date had reset back to 1970, I found this was also a cause for an untrusted certificate error. I was also getting the error a few days back on my new devices with the correct time but since they have fixed that I no longer get the error.

duckeatapple commented 13 years ago

lepah, thanks for the advice! I am using iPhone 4 and its time is set to "Set Automatically". I am in Taipei's time zone, I tried to set it manually to somewhere in the states like Boston, still getting this "An error occurred. Please try again later." error. Not sure if it is because I unchecked openMP? I couldn't get it compiled with openMP checked.

lshepard commented 13 years ago

The certificate issue in this thread has been resolved. FaridW, duckeatapple, it sounds like you have a different issue. Can you open a new issue with full details? (like what URL you're hitting when it says "An error occurred", what user, steps to repro, etc)

vguerci commented 13 years ago

For information, just had this error only on one device. Sorted it by fixing date and time in device settings which was strangely (automatically) set in 1970 :)

Deepapai commented 13 years ago

Even I am getting the error: "Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “www.facebook.com” which could put your confidential information at risk."" when I try to log in using the latest Face SDK 2.0 on one of my iPhone 3GS (4.3.1). It works fine on an iPod Touch (4.3.1).

How do I solve this? I cannot override private API allowsAnyHTTPSCertificateForHost for app store executable.

jayaprakash commented 13 years ago

This issue is not yet fully resolved. I tested with the updated Facebook SDK. It is working fine on devices which support multitasking (above iOS 4.0). On older devices (lower than iOS 4.0) the issue still exists. Please let us know the fix for this.

Deepapai commented 13 years ago

Hi Jayaprakash,

I got this defect in device with iOS 4.3

But I have traced the problem and could solve it. The problem was due to the improper date and time set on the device. It was prior to the date and time the App ID was obtained.

Regards, Deepa

On 15-Jun-2011, at 6:56 PM, jayaprakash wrote:

> This issue is not yet fully resolved. I tested with the updated Facebook SDK. It is working fine on devices which support multitasking (above iOS 4.0). On older devices (lower than iOS 4.0) the issue still exists. Please let us know the fix for this.


jayaprakash commented 13 years ago

Hi Deepa,

Thanks for the solutions. It worked. I have a question. If setting the date to a valid date fixes the issue, we must alert the user to change it. Otherwise, the Facebook API should handle it in such a way that, irrespective of whatever date it is, it should continue to the login page.

Suggest me.

Thanks Jay
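The "alert the user" option discussed in this thread, sketched as an added example; it is not code from any participant or from the SDK. It classifies an `NSURLErrorDomain` -1202 error by comparing the device clock with a build timestamp, so the app can ask the user to correct the date while certificate validation stays on. `kBuildEpoch`, the enum and the function name are hypothetical, and `SecTrustEvaluateWithError` needs a current iOS SDK rather than the iOS 3/4 releases discussed here.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical constant: Unix time written into the binary by the build
// script (constructed value). The device clock can never legitimately be
// earlier than the moment the app was built.
static const NSTimeInterval kBuildEpoch = 1308096000;

typedef NS_ENUM(NSInteger, TrustFailureKind) {
    TrustFailureNotCertificate, // some other error; handle as usual
    TrustFailureClockBehind,    // device clock is earlier than the build date
    TrustFailureClockOnly,      // clock is behind and the chain verifies at build date
    TrustFailureUntrusted       // clock is plausible; a genuine trust failure
};

// The result only selects the message shown to the user. The failed request
// is never retried with validation relaxed.
static TrustFailureKind ClassifyTrustFailure(NSError *error, NSDate *now) {
    if (![error.domain isEqualToString:NSURLErrorDomain] ||
        error.code != NSURLErrorServerCertificateUntrusted) { // -1202
        return TrustFailureNotCertificate;
    }

    NSDate *buildDate = [NSDate dateWithTimeIntervalSince1970:kBuildEpoch];
    if ([now compare:buildDate] != NSOrderedAscending) {
        return TrustFailureUntrusted; // clock is at or after the build date
    }

    // Clock is behind (for example reset to 1970). As a diagnostic only,
    // re-evaluate the failed chain as of the build date.
    id trustObject = error.userInfo[NSURLErrorFailingURLPeerTrustErrorKey];
    if (trustObject != nil) {
        SecTrustRef trust = (__bridge SecTrustRef)trustObject;
        if (SecTrustSetVerifyDate(trust, (__bridge CFDateRef)buildDate) == errSecSuccess &&
            SecTrustEvaluateWithError(trust, NULL)) {
            return TrustFailureClockOnly;
        }
    }
    // A certificate issued after the build date also ends up here.
    return TrustFailureClockBehind;
}
```

Both clock results call for a "check your date and time settings" prompt; `TrustFailureUntrusted` covers cases like the certificate rollout earlier in this thread, where the connection should simply fail.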

Deepapai commented 13 years ago

I vote for your suggestion, because the user might have changed the date and time for several reasons. Also, I am not sure if the timezone (different countries) might again cause a similar issue.

It would be great if someone asks Facebook API developers to handle this.

On 16-Jun-2011, at 11:42 AM, jayaprakash wrote:

> Hi Deepa,
>
> Thanks for the solutions. It worked. I have a question. If setting the date to a valid date fixes the issue, we must alert the user to change it. Otherwise, the Facebook API should handle it in such a way that, irrespective of whatever date it is, it should continue to the login page.
>
> Suggest me.
>
> Thanks Jay
