URLSession:(NSURLSession *)session didReceiveChallenge to trust self signed cert broke in 0.72.x

idrakimuhamad commented 1 year ago

Description

After upgrading expo to SDK 49, our development usage of rn-fetch-blob and react-native-ssl-pinning to skip self signed cert has been broken.

I deduce it to be RN as I've tested using RN cli to create a new project and it also failed albeit with different message.

Error: An SSL error has occurred and a secure connection to the server cannot be made.

I've tested with react-native-ssl-pinning and rn-fetch-blob, both will received error as below on the Bare expo.

The certificate for this server is invalid. You might be connecting to a server that is pretending to be “X.X.X.X” which could put your confidential information at risk.

This doesn't happen when I'm on 0.71.8, which is the version i'm upgrading from.

React Native Version

0.72.3

Output of `npx react-native info`

System: OS: macOS 14.0 CPU: (8) arm64 Apple M1 Memory: 167.77 MB / 16.00 GB Shell: version: "5.9" path: /bin/zsh Binaries: Node: version: 18.12.0 path: ~/.nvm/versions/node/v18.12.0/bin/node Yarn: version: 1.22.19 path: ~/.yarn/bin/yarn npm: version: 8.19.2 path: ~/.nvm/versions/node/v18.12.0/bin/npm Watchman: version: 2023.05.22.00 path: /opt/homebrew/bin/watchman Managers: CocoaPods: version: 1.12.1 path: /Users/idraki/.rbenv/shims/pod SDKs: iOS SDK: Platforms:

DriverKit 23.0
iOS 17.0
macOS 14.0
tvOS 17.0
visionOS 1.0
watchOS 10.0 Android SDK: Android NDK: 22.1.7171670 IDEs: Android Studio: Giraffe 2022.3.1 Giraffe 2022.3.1 Xcode: version: 15.0/15A5195k path: /usr/bin/xcodebuild Languages: Java: version: 11.0.15 path: /usr/bin/javac Ruby: version: 2.7.6 path: /Users/idraki/.rbenv/shims/ruby npmPackages: "@react-native-community/cli": Not Found react: installed: 18.2.0 wanted: 18.2.0 react-native: installed: 0.72.3 wanted: 0.72.3 react-native-macos: Not Found npmGlobalPackages: "react-native": Not Found Android: hermesEnabled: Not found newArchEnabled: Not found iOS: hermesEnabled: true newArchEnabled: false

Steps to reproduce

https://github.com/idrakimuhamad/repro-expo-ssl-self-sign

The repo have a simple reproduction. Just need to include either rn-fetch-blob or rn-ssl-pinning, and use their configuration to skip self signed cert. For rn-fetch-blob is to add trusty during config.

or you can just run the example in repo above.

Snack, screenshot, or link to a repository

https://github.com/idrakimuhamad/repro-expo-ssl-self-sign

cortinico commented 1 year ago

After upgrading expo to SDK 49, our development usage of rn-fetch-blob and react-native-ssl-pinning to skip self signed cert has been broken.

Have you opened this issue against rn-fetch-blob and react-native-ssl-pinning as well? If not please do and link it here

idrakimuhamad commented 1 year ago

I have not, judging by the libraries not being updated for years, I assumed no changes from the library related to this. However, I will report this too to the libraries and link it back 👍

idrakimuhamad commented 1 year ago

I've further deduce that it is not React-Native nor Expo core itself, but one of the expo packages, which i'm further drilling to find that causing this.

cortinico commented 1 year ago

I've further deduce that it is not React-Native nor Expo core itself, but one of the expo packages, which i'm further drilling to find that causing this.

Closing this for now then. Feel free to reopen if you find more evidence that this is a React Native issue

andreamazzarella commented 1 year ago

@idrakimuhamad - currently looking at the same issue - did you have any luck with this?

idrakimuhamad commented 1 year ago

@idrakimuhamad - currently looking at the same issue - did you have any luck with this?

Unfortunately, no. It has something to do with expo-dev-client or expo-upgrade. The issues are still open, so I'll just wait for now.

https://github.com/expo/expo/issues/24096

facebook / react-native