novastone-media / MQTT-Client-Framework

iOS, macOS, tvOS native ObjectiveC MQTT Client Framework

CFNetwork SSLHandshake failed (-9807) #149

Closed xmkevin closed 8 years ago

xmkevin commented 8 years ago

When I upgrade from 0.7.4 to 0.7.8, the MQTT session cannot connect to the server, and I get the following error:

[MQTTSession] mqttTransport didFailWithError Error Domain=NSOSStatusErrorDomain Code=-9807 "(null)"

zhuli8com commented 8 years ago

- (void)connectTo:(NSString *)host
             port:(NSInteger)port
              tls:(BOOL)tls
        keepalive:(NSInteger)keepalive
            clean:(BOOL)clean
             auth:(BOOL)auth
             user:(NSString *)user
             pass:(NSString *)pass
             will:(BOOL)will
        willTopic:(NSString *)willTopic
          willMsg:(NSData *)willMsg
          willQos:(MQTTQosLevel)willQos
   willRetainFlag:(BOOL)willRetainFlag
     withClientId:(NSString *)clientId
   securityPolicy:(MQTTSSLSecurityPolicy *)securityPolicy
     certificates:(NSArray *)certificates {
    [self connectTo:host
               port:port
                tls:tls
          keepalive:keepalive
              clean:clean
               auth:auth
               user:user
               pass:pass
               will:will
          willTopic:willTopic
            willMsg:willMsg
            willQos:willQos
     willRetainFlag:willRetainFlag
       withClientId:clientId
     securityPolicy:nil
       certificates:nil
      protocolLevel:MQTTProtocolVersion311]; // use this level as default, keeps it backwards compatible
}

securityPolicy:nil??????

zhuli8com commented 8 years ago

@xmkevin step in

xmkevin commented 8 years ago

Sorry, I have rolled back to 0.7.4, and I will try it that way.

ckrey commented 8 years ago

Are you using security policy? Do you use self-signed certificates for your broker?

Sorry for the late reply!

xmkevin commented 8 years ago

Yes, I am using self-signed certificates in my broker. The following is my connection code.

MQTTSSLSecurityPolicy *policy = [MQTTSSLSecurityPolicy policyWithPinningMode:MQTTSSLPinningModeCertificate];
    policy.allowInvalidCertificates = YES;
    policy.validatesCertificateChain = NO;
    policy.validatesDomainName = NO;

    NSString *filePath = [[NSBundle mainBundle] pathForResource:@"ca" ofType:@"der"];
    NSData *crtData = [NSData dataWithContentsOfFile:filePath];
    policy.pinnedCertificates = [[NSMutableArray alloc] initWithObjects:crtData, nil];

    NSString *host = AppSettings.mqttHost;
    NSUInteger port = AppSettings.mqttPort;

    [self.sessionManager  connectTo:host
                               port:port
                                tls:YES
                          keepalive:60
                              clean:false
                               auth:false
                               user:nil
                               pass:nil
                               will:false
                          willTopic:nil
                            willMsg:nil
                            willQos:0
                     willRetainFlag:FALSE
                       withClientId:self.clientId
                     securityPolicy:policy
                       certificates:nil];

ckrey commented 8 years ago

Fixed, thanks for identifying this bug

cnzlh commented 8 years ago

Did you solve the problem?

ckrey commented 8 years ago

yes, get the new 0.7.9 Cocoapods version or pull from github

xmkevin commented 8 years ago

Great! Thanks

cnzlh commented 8 years ago

Your environment is one-way authentication, right?

DreamScy commented 7 years ago

Hello, when I use MQTT version 0.8.5, I get back an error: Error Domain=NSOSStatusErrorDomain Code=-9806 "(null)". Can you help me? What error is it?

thank you

ckrey commented 7 years ago

@xiaohuduxian your question is off-topic. Please check if you are using an official TLS certificate on your broker, or if you provided the correct ca certificate as a pinned certificate

DreamScy commented 7 years ago

Thank you for your reply. We are using a custom certificate. Must you subscribe to the theme at the time of connection? Without the certificate we can connect properly, but we cannot if we add the certificate. I want to know what the difference is between the certificate the client uses and the certificate the server uses.

Below is my introduction, written in accordance with your demo:

/**/
MQTTSession *session = [[MQTTSession alloc] init];

// certificate encryption
NSString* certificate = [[NSBundle bundleForClass:[MQTTSession class]] pathForResource:@"ios_client_from_tkbs" ofType:@"cer"];
session.securityPolicy = [MQTTSSLSecurityPolicy policyWithPinningMode:MQTTSSLPinningModeCertificate];
session.securityPolicy.pinnedCertificates = @[ [NSData dataWithContentsOfFile:certificate] ];
session.securityPolicy.allowInvalidCertificates = YES;  //  MQTTCFSocketTransport
session.securityPolicy.validatesCertificateChain = NO;
session.securityPolicy.validatesDomainName = NO;

// clientid
session.clientId = [UIDevice currentDevice].identifierForVendor.UUIDString;
session.userName = @"test";
session.password = @"123456";
[session connectToHost:@"192.168.1.49" port:61613 usingSSL:NO];
/****/

Can you help me find the problem in this code? Thank you very much for your help.

DreamScy commented 7 years ago

[session connectToHost:@"192.168.1.49" port:61613 usingSSL:YES];

ckrey commented 7 years ago

This is a fixed and closed issue. Your question is off-topic. Can you please open a separate issue.

What is the content of your .cer file? How did you create it? If you don't want to validate the domain name and do not want to validate the certificate chain and will allow invalid certificates, you do not need to pass a certificate (use policyWithPinningMode: MQTTSSLPinningModeNone).
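A check for the two questions raised above (what the bundled `.cer`/`.der` file actually contains, and whether it is a certificate the broker presents), written as an added example that is not part of the thread or of MQTT-Client-Framework. It assumes pinned certificates must be raw DER X.509 bytes and that the broker's chain has been saved as PEM; the function names and the sample bytes are constructed for illustration.

```python
import hashlib
import re
import ssl

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)


def classify(data):
    """Guess how a bundled certificate file is encoded, from its bytes alone."""
    if PEM_RE.search(data):
        return "pem"
    # DER: ASN.1 SEQUENCE tag 0x30 plus a 2-byte length (0x82) covering the file.
    if data[:2] != b"\x30\x82" or int.from_bytes(data[2:4], "big") + 4 != len(data):
        return "unknown"
    if data[4:7] == b"\x02\x01\x03":   # INTEGER 3 = PKCS#12 version field
        return "pkcs12"
    return "der" if data[4:5] == b"\x30" else "unknown"  # X.509 tbsCertificate


def der_certs(data):
    """Return each certificate in a DER or PEM file as DER bytes."""
    kind = classify(data)
    if kind == "der":
        return [data]
    if kind == "pem":
        return [ssl.PEM_cert_to_DER_cert(m.group().decode("ascii"))
                for m in PEM_RE.finditer(data)]
    raise ValueError(f"{kind} file holds no usable certificate")


def check_pin(pinned_file, broker_chain_pem):
    """Is the bundled pin raw DER, and where does it occur in the broker's chain?"""
    kind = classify(pinned_file)
    pins = {hashlib.sha256(c).digest() for c in der_certs(pinned_file)}
    chain = [hashlib.sha256(c).digest() for c in der_certs(broker_chain_pem)]
    index = next((i for i, h in enumerate(chain) if h in pins), None)
    return {"encoding": kind, "raw_der": kind == "der", "chain_index": index}


def constructed(fill):
    """Constructed stand-in with a certificate-shaped DER header, not a real cert."""
    body = b"\x30\x82\x00\x10" + bytes([fill]) * 300
    return b"\x30\x82" + len(body).to_bytes(2, "big") + body


if __name__ == "__main__":
    leaf, ca = constructed(1), constructed(2)
    chain = (ssl.DER_cert_to_PEM_cert(leaf) + ssl.DER_cert_to_PEM_cert(ca)).encode()
    print(check_pin(ca, chain))  # chain_index 0 is the broker's own certificate
```

A `chain_index` of `None` means the bundled file is not a certificate the broker sent, and `raw_der` being false means the file would have to be converted to DER before it is bundled.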

hongshuai commented 6 years ago

CFNetwork SSLHandshake failed (-9807)
[MQTTSession] mqttTransport didFailWithError Error Domain=NSOSStatusErrorDomain Code=-9807 "(null)" UserInfo={_kCFStreamErrorCodeKey=-9807, _kCFStreamErrorDomainKey=3}

// my code
MQTTCFSocketTransport *transport = [[MQTTCFSocketTransport alloc] init];
transport.host = @"10.16.44.110"; //kHost;
transport.port = 8883;
transport.tls = YES;
NSBundle *bundle = [NSBundle bundleForClass:self.class];
NSString *path = [bundle pathForResource:@"mqtt" ofType:@"p12"];
NSArray *myCerts = [MQTTCFSocketTransport clientCertsFromP12:path passphrase:kPassphrase];

I need help. I cannot find where the problem is.