[[__NSArrayM insertObject:atIndex:]: object cannot be nil] [Cordova-Ios] App crash with SSL pinned active

silkimen / cordova-plugin-advanced-http

Cordova / Phonegap plugin for communicating with HTTP servers. Allows for SSL pinning!

MIT License

391 stars 313 forks source link

[[__NSArrayM insertObject:atIndex:]: object cannot be nil] [Cordova-Ios] App crash with SSL pinned active #507

Open FranciscoVega2 opened 12 months ago

FranciscoVega2 commented 12 months ago

Hi, I'm having a problem similar to issue #173, but that one is closed. I hope you can help me, please.

Describe the bug When I'm trying to make a POST request, my app crashes due to an NSException. This works fine on Android with the same code and .cer file.

System info

affected HTTP plugin version: [3.3.1]
affected platform(s) and version(s): [ iOS 14.2]
affected device(s): [ iPhone 6 plus]
cordova version: [11.1.0]
cordova platform version(s): [ ios 6.3.0, android 10.1.2]

Minimum viable code to reproduce const options = { method: 'post', data: { id: 12, message: 'test' }, headers: { Authorization: 'OAuth2: token' } };

cordova.plugin.http.sendRequest('https://google.com/', options, function(response) { // prints 200 console.log(response.status); }, function(response) { // prints 403 console.log(response.status);

//prints Permission denied console.log(response.error); });

xJosee commented 12 months ago

I have the same problem, it happens to me sometimes not always, when I make a post request the ios app crash, on android it works fine.

I make the request as: http.post()

azureshin commented 11 months ago

me too... I make the request as: http.post()

1686063615300

azureshin commented 11 months ago

The problem may lie in the "setServerTrustMode" function. If I use the following code, there will be an error.

cordova.plugin.http.setServerTrustMode('pinned', function () {
    cordova.plugin.http.get(url, $.extend(data, obj2), {}, function (response) {
        console.log(response)
    }, function (response) {
        if (response.status != -7) {
            alert(response.error);
        }
    });
}, function () {
    showAlert('err');
});

If I use the following code, it can run normally.

cordova.plugin.http.get(url, $.extend(data, obj2), {}, function (response) {
    console.log(response)
}, function (response) {
    if (response.status != -7) {
        alert(response.error);
    }
});

However, I cannot determine if it's a problem with the certificate path or a plugin issue. I have tried placing the certificate in various paths, but the error still occurs.

1686100679441

azureshin commented 11 months ago

I found the reason, it's an SSL issue.

The server.cer file works on Android but not on iOS. It's because the server.cer file is not correctly DER encoded.

https://github.com/silkimen/cordova-plugin-advanced-http/issues/84

You can refer to the following link to convert the cer file to DER encoding.