oxen-io / session-ios

A private messenger for iOS.
https://getsession.org
GNU General Public License v3.0

Guard Snodes not being tested on cloned repo #967

Closed by Dodo0303 2 months ago

Dodo0303 commented 2 months ago

I wanted to test the code, but I'm experiencing issues connecting to service nodes. While building the path for the first time, the guard nodes that have to be tested cause this error:

GET request to https://89.58.2.189:22132/get_stats/v1 failed due to error: URLError(_nsError: Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, NSErrorPeerCertificateChainKey=( "<cert(0x7fcd239a3e00) s: localhost i: localhost>" ), NSErrorClientCertificateStateKey=0, NSErrorFailingURLKey=https://89.58.2.189:22132/get_stats/v1, NSErrorFailingURLStringKey=https://89.58.2.189:22132/get_stats/v1, NSUnderlyingError=0x6000019dee80 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x6000027b24e0>, _kCFNetworkCFStreamSSLErrorOriginalValue=-9802, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9802, kCFStreamPropertySSLPeerCertificates=( "<cert(0x7fcd239a3e00) s: localhost i: localhost>" )}}, _NSURLErrorRelatedURLSessionTaskErrorKey=( "LocalDataTask <026720E1-8D9C-4D0F-BD7E-3B0D024510AC>.<445>" ), _kCFStreamErrorCodeKey=-9802, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <026720E1-8D9C-4D0F-BD7E-3B0D024510AC>.<445>, NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0x6000027b24e0>, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made.}).

Is there something wrong on my side?

mpretty-cyro commented 2 months ago

Hey @Dodo0303, thanks for reporting this - it looks like something has gone wrong with the certificates used to authenticate with the service node it's trying to test; it's a bit hard to say exactly what without debugging further.

In the next release we are changing the network transport layer to use QUIC instead of HTTPS (see PR #960), which will mean we don't need to deal with the SSL certificates anymore, so it might be best to try again once that release comes out (we are hoping to release within the next week).

Dodo0303 commented 2 months ago

Thanks @mpretty-cyro ! What made me curious about the issue is that the urlSession delegate that is being called should in theory ignore self-signed certificates. I'm sure that the right delegate is being called. Any ideas?

mpretty-cyro commented 2 months ago

> Thanks @mpretty-cyro ! What made me curious about the issue is that the urlSession delegate that is being called should in theory ignore self-signed certificates. I'm sure that the right delegate is being called. Any ideas?

Oh, did you build the code yourself using Xcode 15 and the iOS 17 SDK?

The main reason we have prioritised PR #960 is because Apple have mandated any new iOS updates as of the end of April must be built using the iOS 17 SDK, and one of the changes included in the iOS 17 SDK was a tweak to the "Apple Transport Security" settings so that requests sent to IP addresses need to be signed with certificates generated using a set of pre-approved root certificates (so self-signed certificates no longer work and we essentially can't connect to any of our service nodes 🙄). I have included a few links about the change in this comment, in case this happens to be the issue you're having: https://github.com/oxen-io/session-ios/issues/882#issuecomment-2094976877

Dodo0303 commented 2 months ago

> Oh, did you build the code yourself using Xcode 15 and the iOS 17 SDK?

I did!

That should explain everything. Thanks for the quick response!
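
An added example, not part of the thread or of the Session code base: a small Python triage helper that pulls the trust-relevant fields out of an NSURLError description like the one in the first comment and checks for the combination discussed above (IP-literal host, single certificate whose subject equals its issuer, NSURLError code -1200). The sample string is a constructed, shortened copy of the reported error, and the function names are hypothetical.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample: shortened form of the error text quoted in the issue.
SAMPLE_ERROR = (
    'GET request to https://89.58.2.189:22132/get_stats/v1 failed due to error: '
    'URLError(_nsError: Error Domain=NSURLErrorDomain Code=-1200 UserInfo={'
    'NSErrorPeerCertificateChainKey=( "<cert(0x7fcd239a3e00) s: localhost i: localhost>" ), '
    'NSErrorFailingURLKey=https://89.58.2.189:22132/get_stats/v1, '
    '_kCFStreamErrorCodeKey=-9802, kCFStreamPropertySSLPeerCertificates=( '
    '"<cert(0x7fcd239a3e00) s: localhost i: localhost>" )})'
)

CERT_RE = re.compile(r"<cert\((0x[0-9a-fA-F]+)\) s: (.*?) i: (.*?)>")
URL_RE = re.compile(r"NSErrorFailingURLKey=(\S+?)[,}]")
NSURL_CODE_RE = re.compile(r"Domain=NSURLErrorDomain Code=(-?\d+)")
STREAM_CODE_RE = re.compile(r"_kCFStreamErrorCodeKey=(-?\d+)")


def triage(error_text):
    """Summarise the trust-relevant fields of an NSURLError description."""
    # The same chain is printed under several keys; de-duplicate by pointer.
    certs = list(dict.fromkeys(CERT_RE.findall(error_text)))
    url = URL_RE.search(error_text)
    host = urlsplit(url.group(1)).hostname if url else None
    try:
        ipaddress.ip_address(host or "")
        host_is_ip = True
    except ValueError:
        host_is_ip = False
    nsurl = NSURL_CODE_RE.search(error_text)
    stream = STREAM_CODE_RE.search(error_text)
    return {
        "host": host,
        "host_is_ip": host_is_ip,
        "nsurl_code": int(nsurl.group(1)) if nsurl else None,   # -1200: secure connection failed
        "stream_code": int(stream.group(1)) if stream else None,  # -9802: errSSLFatalAlert
        "chain": [(subject, issuer) for _, subject, issuer in certs],
        # One certificate whose subject equals its issuer looks self-signed.
        "looks_self_signed": len(certs) == 1 and certs[0][1] == certs[0][2],
    }


def matches_reported_pattern(summary):
    """True for the case in this thread: TLS failure, IP host, self-signed peer."""
    return (summary["nsurl_code"] == -1200 and summary["host_is_ip"]
            and summary["looks_self_signed"])
```
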