novastone-media / MQTT-Client-Framework

iOS, macOS, tvOS native ObjectiveC MQTT Client Framework

CFNetwork SSLHandshake failed (-9806) #233

Closed DreamScy closed 7 years ago

DreamScy commented 7 years ago

Not using SSL to connect to the server (unencrypted) is OK! The code is the following:

/****/

    // Not using SSL to connect to the server: this works
    MQTTSession *session = [[MQTTSession alloc] init];
    session.clientId = [UIDevice currentDevice].identifierForVendor.UUIDString;
    session.keepAliveInterval = 3600;
    session.userName = @"test";
    session.password = @"password";
    [session connectToHost:@"192.168.1.19" port:61614 usingSSL:NO];

/****/

but if I use custom certificates,

/****/

    MQTTSession *session1 = [[MQTTSession alloc] init];
    session1.clientId = [UIDevice currentDevice].identifierForVendor.UUIDString;
    // certificate-based encryption (pinning the server certificate "server.cer")
    NSString *certificate = [[NSBundle bundleForClass:[MQTTSession class]] pathForResource:@"server" ofType:@"cer"];
    session1.securityPolicy = [MQTTSSLSecurityPolicy policyWithPinningMode:MQTTSSLPinningModeCertificate];
    session1.securityPolicy.pinnedCertificates = @[ [NSData dataWithContentsOfFile:certificate] ];
    session1.securityPolicy.allowInvalidCertificates = YES;
    session1.securityPolicy.validatesCertificateChain = NO;
    session1.securityPolicy.validatesDomainName = NO;
    session1.keepAliveInterval = 3600;
    session1.userName = @"test";
    session1.password = @"password";
    [session1 connectToHost:@"192.168.1.19" port:61614 usingSSL:YES];

/****/

or using the following code

/****/

    MQTTSession *session2 = [[MQTTSession alloc] init];
    session2.clientId = [UIDevice currentDevice].identifierForVendor.UUIDString;
    // no pinning, and all certificate validation switched off
    session2.securityPolicy = [MQTTSSLSecurityPolicy policyWithPinningMode:MQTTSSLPinningModeNone];
    session2.securityPolicy.allowInvalidCertificates = YES;
    session2.securityPolicy.validatesCertificateChain = NO;
    session2.securityPolicy.validatesDomainName = NO;
    session2.keepAliveInterval = 3600;
    session2.userName = @"test";
    session2.password = @"password";
    [session2 connectToHost:@"192.168.1.19" port:61614 usingSSL:YES];

/****/

There will be an error in the

CFNetwork SSLHandshake failed (-9806) mqttTransport didFailWithError Error Domain=NSOSStatusErrorDomain Code=-9806 "(null)"

I want to know whether using MQTTSSLPinningModeNone is right or wrong.

ckrey commented 7 years ago

This simply means that your server/broker is not expecting TLS/SSL on port 61614. Please check your server config and logs.

DreamScy commented 7 years ago

@ckrey Thank you for your reply. Yet Android can connect to the server using TLS/SSL, but iOS cannot. The iOS certificate was converted from BKS-type certificates. I want to access the server without a certificate (MQTTSSLPinningModeNone). Is there a problem with the code above?

DreamScy commented 7 years ago

@ckrey I may have described it less clearly: without TLS encryption the connection works normally, but with it, using the encrypted demo, the connection does not come up. So far Android can connect, while iOS keeps returning 9806.

zzp366 commented 7 years ago

@DreamScy I also have the same problem, so can you tell me how to fix this bug?

ckrey commented 7 years ago

Android implementation does not check the domain name in TLS encryption. So the error is there. You have to have a certificate on the broker that is valid for the hostname you are using.
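As an added example (not the framework's own sample code and not the poster's), here is the pinned-certificate setup from the question rewritten with chain and hostname validation left on, which is what the last reply calls for. It assumes a broker reachable under the hypothetical DNS name `broker.example.com`, a DER-encoded `server.cer` in the app bundle whose subject/SAN covers that name, and the framework's `MQTTClient.h` umbrella header.

```objectivec
#import <Foundation/Foundation.h>
#import <UIKit/UIKit.h>
#import <MQTTClient/MQTTClient.h>

// Hypothetical values: the name the client connects to must match the
// certificate's subject / SAN, or validatesDomainName = YES will fail.
static NSString *const kBrokerHost = @"broker.example.com";
static const UInt32 kBrokerTLSPort = 61614;

// Builds a session whose TLS policy pins the broker certificate and keeps
// chain and hostname validation enabled. Returns nil instead of falling
// back to an unauthenticated connection when the certificate is missing.
MQTTSession *makePinnedSession(void) {
    NSString *certPath = [[NSBundle mainBundle] pathForResource:@"server" ofType:@"cer"];
    NSData *certData = certPath ? [NSData dataWithContentsOfFile:certPath] : nil;
    if (certData.length == 0) {
        // The question's snippet would silently pin an empty array here.
        NSLog(@"server.cer not found in the app bundle; refusing to connect");
        return nil;
    }

    MQTTSSLSecurityPolicy *policy =
        [MQTTSSLSecurityPolicy policyWithPinningMode:MQTTSSLPinningModeCertificate];
    policy.pinnedCertificates = @[ certData ];
    // The question flips all three of these to the insecure value, which
    // turns off server authentication entirely. Keep them strict.
    policy.allowInvalidCertificates = NO;
    policy.validatesCertificateChain = YES;
    policy.validatesDomainName = YES;

    MQTTSession *session = [[MQTTSession alloc] init];
    session.clientId = [UIDevice currentDevice].identifierForVendor.UUIDString;
    session.securityPolicy = policy;
    session.keepAliveInterval = 3600;
    session.userName = @"test";
    session.password = @"password";
    return session;
}

// Connect by hostname rather than IP address so the validated name is the
// one in the certificate, and configure and connect the same session object
// (the question's snippets set properties on one variable and connect another).
void connectPinned(void) {
    MQTTSession *session = makePinnedSession();
    if (!session) return;
    [session connectToHost:kBrokerHost port:kBrokerTLSPort usingSSL:YES];
}
```

If the handshake still fails with -9806 against this policy, the remaining causes are the ones named in the thread: the broker not speaking TLS on that port, or its certificate not covering the hostname.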