TLS handshake error on iPhone device #191

Closed
Hin-D opened this issue Jun 8, 2023 · 13 comments
Comments

@Hin-D

Hin-D commented Jun 8, 2023

The simulator runs smoothly, but when I run it on an iPhone I get this error:
Error Domain=ZitiError Code=-53 "unexpected error"

On TLS handshake error, I am getting a negative response code (-53).

Please help

@Hin-D
Author

Hin-D commented Jun 8, 2023

How can I modify it to disable certificate verification during a request?

@smilindave26
Member

> The simulator runs smoothly, but when I run it on an iPhone I get this error:
> Error Domain=ZitiError Code=-53 "unexpected error"
>
> On TLS handshake error, I am getting a negative response code (-53).
>
> Please help

Can you send more info from the logs? You can access them via "Send Feedback", which will create an email with the logs attached. If you send the logs to help at openziti.org we'll see them.

@smilindave26
Member

Certificates are required to establish the endpoint identity

@Hin-D
Author

Hin-D commented Jun 12, 2023

iPhone device log


[2023-06-12T02:20:18:434Z]    INFO CZiti:ZitiUrlManager.swift:134 host() *-*-*-*-* https://www.xxxxx intercepting none)
[2023-06-12T02:20:18:436Z]    INFO CZiti:ZitiUrlProtocol.swift:212 canInit() *-*-*-*-* is intercepting https://www.xxxxx
[2023-06-12T02:20:18:439Z]   DEBUG CZiti:ZitiUrlProtocol.swift:186 init() init <CZiti.ZitiUrlProtocol: 0x282598040>, Thread: Optional("com.apple.CFNetwork.CustomProtocols")
(82986)[2023-06-12T02:20:18.440Z]   DEBUG ziti-sdk:posture.c:211 ziti_send_posture_data() ztx[0] posture checks must_send set to TRUE, new_session_id[FALSE], must_send_every_time[TRUE], new_controller_instance[FALSE]
(82986)[2023-06-12T02:20:18.440Z]   DEBUG ziti-sdk:connect.c:531 process_connect() conn[0.1/Connecting] starting Dial connection for service[6|service|bgzs_bgzs] with session[clis87s084vwf17cncjad6wg2]
(82986)[2023-06-12T02:20:18.440Z]   DEBUG ziti-sdk:connect.c:414 ziti_connect() conn[0.1/Connecting] selected ch[ziti-edge-rt1@tls://r1.hn.rt.echa.xxx:6443] for best latency(10 ms)
(82986)[2023-06-12T02:20:18.440Z]   DEBUG ziti-sdk:connect.c:301 on_channel_connected() conn[0.1/Connecting] selected ch[ziti-edge-rt1@tls://r1.hn.rt.echa.xxx:6443] status[0]
(82986)[2023-06-12T02:20:18.440Z]   DEBUG ziti-sdk:channel.c:214 ziti_channel_add_receiver() ch[4] added receiver[1]
[2023-06-12T02:20:18:500Z]   ERROR CZiti:ZitiUrlProtocol.swift:310 ZitiUrlProtocol() -53 str
(82986)[2023-06-12T02:20:18.500Z]   DEBUG ziti-sdk:channel.c:221 ziti_channel_rem_receiver() ch[4] removed receiver[1]
(82986)[2023-06-12T02:20:18.500Z]   DEBUG ziti-sdk:connect.c:169 close_conn_internal() conn[0.1/Closed] removing
(82986)[2023-06-12T02:20:18.500Z]   DEBUG ziti-sdk:ziti.c:1597 grim_reaper() ztx[0] reaped 1 closed (out of 1 total) connections
2023-06-12 10:20:18.501126+0800 YCSDK_Example[82986:15835561] Task <361C30F4-7E29-47F7-A601-96492114C372>.<1> finished with error [-53] Error Domain=ZitiError Code=-53 "unexpected error" UserInfo={_NSURLErrorRelatedURLSessionTaskErrorKey=(
    "LocalDataTask <361C30F4-7E29-47F7-A601-96492114C372>.<1>"
), NSLocalizedDescription=unexpected error, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <361C30F4-7E29-47F7-A601-96492114C372>.<1>}
2023-06-12 10:20:18.501630+0800 YCSDK_Example[82986:15834981] error = Error Domain=ZitiError Code=-53 "unexpected error" UserInfo={_NSURLErrorRelatedURLSessionTaskErrorKey=(
    "LocalDataTask <361C30F4-7E29-47F7-A601-96492114C372>.<1>"
), NSLocalizedDescription=unexpected error, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <361C30F4-7E29-47F7-A601-96492114C372>.<1>}


@Hin-D
Author

Hin-D commented Jun 12, 2023

iPhone simulator log

[2023-06-12T02:20:55:432Z]    INFO CZiti:ZitiUrlManager.swift:134 host() *-*-*-*-* https://www.xxxxx intercepting none)
[2023-06-12T02:20:55:433Z]    INFO CZiti:ZitiUrlProtocol.swift:212 canInit() *-*-*-*-* is intercepting https://www.xxxxx
[2023-06-12T02:20:55:434Z]   DEBUG CZiti:ZitiUrlProtocol.swift:186 init() init <CZiti.ZitiUrlProtocol: 0x600000bc0380>, Thread: Optional("com.apple.CFNetwork.CustomProtocols")
(66849)[2023-06-12T02:20:55.434Z]   DEBUG ziti-sdk:posture.c:211 ziti_send_posture_data() ztx[0] posture checks must_send set to TRUE, new_session_id[FALSE], must_send_every_time[TRUE], new_controller_instance[FALSE]
(66849)[2023-06-12T02:20:55.434Z]   DEBUG ziti-sdk:connect.c:521 process_connect() conn[0.0/Connecting] requesting 'Dial' session for service[6|service|bgzs_bgzs]
(66849)[2023-06-12T02:20:55.508Z]   DEBUG ziti-sdk:ziti_ctrl.c:326 ctrl_body_cb() ctrl[c1.ctrl.echa.xxx] completed POST[/sessions] in 0.074 s
(66849)[2023-06-12T02:20:55.508Z]   DEBUG ziti-sdk:connect.c:483 connect_get_net_session_cb() conn[0.0/Connecting] got session[clis89dr24vyu17cngpjwdjez] for service[6|service|bgzs_bgzs]
(66849)[2023-06-12T02:20:55.508Z]   DEBUG ziti-sdk:posture.c:211 ziti_send_posture_data() ztx[0] posture checks must_send set to TRUE, new_session_id[FALSE], must_send_every_time[TRUE], new_controller_instance[FALSE]
(66849)[2023-06-12T02:20:55.508Z]   DEBUG ziti-sdk:connect.c:531 process_connect() conn[0.0/Connecting] starting Dial connection for service[6|service|bgzs_bgzs] with session[clis89dr24vyu17cngpjwdjez]
(66849)[2023-06-12T02:20:55.508Z]   DEBUG ziti-sdk:connect.c:414 ziti_connect() conn[0.0/Connecting] selected ch[ziti-edge-rt2@tls://r2.hn.rt.echa.xxx:6443] for best latency(7 ms)
(66849)[2023-06-12T02:20:55.508Z]   DEBUG ziti-sdk:connect.c:301 on_channel_connected() conn[0.0/Connecting] selected ch[ziti-edge-rt2@tls://r2.hn.rt.echa.xxx:6443] status[0]
(66849)[2023-06-12T02:20:55.508Z]   DEBUG ziti-sdk:channel.c:214 ziti_channel_add_receiver() ch[1] added receiver[0]
[2023-06-12T02:20:55:644Z]   DEBUG CZiti:ZitiUrlProtocol.swift:190 deinit() deinit <CZiti.ZitiUrlProtocol: 0x600000bc0380>, Thread: Optional("ziti_uv_loop_private")
2023-06-12 10:20:55.644877+0800 YCSDK_Example[66849:15203009] responseObject = {length = 65, bytes = 0x7b227265 73756c74 436f6465 223a2230 ... 73223a74 7275657d }


@Hin-D
Author

Hin-D commented Jun 12, 2023

@smilindave26 Could you please show me where the modification is needed?

@smilindave26
Member

A couple of things:

  • Log messages from the CSDK (e.g., process_connect()) show different line numbers when run on the device versus in the simulator. This suggests you are running different versions of software in the two logs.
  • There should be log messages when you start up indicating the version of the CSDK being used.
  • I don't recognize ZitiUrlManager.swift. Is that a file you added?

Can you tell me more about how you built the project and the application you are developing/running?

@Hin-D
Author

Hin-D commented Oct 13, 2023

> Has this issue been resolved? I am also facing this same error.

The issue has been resolved. I found the default CA certificate on macOS, placed it in the project, and used this certificate in the default_tls_context parameter.

@febinAirindia

That's great. Can you share the sample code to use the certificate in the default_tls_context parameter?

@smilindave26
Member

@febinAirindia the CA bundle should be loaded automatically when you initialize Ziti. Are you using https://openziti.io/ziti-sdk-swift/Classes/Ziti.html#/c:@M@CZiti@objc(cs)Ziti(im)init::name:caPool: ? You can also load from a file via https://openziti.io/ziti-sdk-swift/Classes/Ziti.html#/c:@M@CZiti@objc(cs)Ziti(im)initFromFile:

@febinAirindia

Yes, I am using Ziti from a saved JSON file.

```swift
func runZiti(completion: @escaping (Bool, Error?) -> ()) {
    ziti = Ziti(fromFile: outFile)
    if let ziti = ziti {
        ziti.runAsync { zErr in
            guard zErr == nil else {
                print("Unable to run Ziti: \(String(describing: zErr!))")
                completion(false, AIError.customError(msg: "Unable to run Ziti: \(String(describing: zErr!))"))
                return
            }
            ZitiLog.setLogLevel(.NONE)
            ZitiUrlProtocol.register(ziti)
            DispatchQueue.main.asyncAfter(deadline: .now() + 1) {
                completion(true, nil)
            }
        }
    } else {
        /// handle if no ziti outfile found
        debugPrint("No ziti outfile found")
        completion(false, AIError.customError(msg: "No ziti outfile found"))
    }
}
```

@smilindave26
Member

Was the zid file created from the callback of a successful Ziti.enroll()? Inspecting the file, you should see a czid.ca entry in the JSON. Does it look correctly populated with a series of PEM certs?
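
An added example, not part of the original thread or the OpenZiti code: a Python check for the question above, reporting whether the identity file's `ca` value holds PEM certificate blocks that decode to a DER SEQUENCE. It assumes `ca` is a string under a `czid` object or at the top level of the JSON; the sample data is constructed and is not a real certificate.

```python
import base64
import binascii
import json
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def der_is_sequence(der: bytes) -> bool:
    """True if der is one DER SEQUENCE whose length field spans all bytes."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                       # short-form length
        return len(der) == 2 + first
    n = first & 0x7F                       # long form: n length bytes follow
    if n == 0 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def check_ca_entry(zid_json: str) -> dict:
    """Count PEM blocks in the ca entry and how many decode to a DER SEQUENCE."""
    doc = json.loads(zid_json)
    czid = doc.get("czid")
    holder = czid if isinstance(czid, dict) else doc   # assumed locations of "ca"
    ca = holder.get("ca")
    if not isinstance(ca, str) or not ca.strip():
        return {"present": False, "blocks": 0, "well_formed": 0}
    blocks = PEM_RE.findall(ca)
    ok = 0
    for body in blocks:
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except (binascii.Error, ValueError):
            continue                       # corrupted or truncated base64 body
        ok += int(der_is_sequence(der))
    return {"present": True, "blocks": len(blocks), "well_formed": ok}

# Constructed sample: a 5-byte DER SEQUENCE stands in for a certificate body.
_B64 = base64.b64encode(bytes([0x30, 0x03, 0x02, 0x01, 0x01])).decode()
_PEM = f"-----BEGIN CERTIFICATE-----\n{_B64}\n-----END CERTIFICATE-----\n"
SAMPLE_OK = json.dumps({"czid": {"ca": _PEM + _PEM}})
SAMPLE_EMPTY = json.dumps({"czid": {"ca": ""}})
SAMPLE_BAD = json.dumps({"ca": _PEM.replace(_B64, "!!notbase64!!")})

if __name__ == "__main__":
    for name, sample in [("ok", SAMPLE_OK), ("empty", SAMPLE_EMPTY), ("bad", SAMPLE_BAD)]:
        print(name, check_ca_entry(sample))
```

This is a structural check only: it does not verify signatures, expiry, or that the bundle contains the CA that signed the edge router's certificate.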

@surennaidu

The issue is fixed in the Swift SDK release 0.30.21 - https://github.com/openziti/ziti-sdk-swift/releases/tag/0.30.21. The problem was access to the CA bundle on iOS.

@Hin-D - if you have an active project that requires securing mobile apps, we would be happy to assist.
