Re: NSURLDelegate: Differences between access by hostname or IP
- Subject: Re: NSURLDelegate: Differences between access by hostname or IP
- From: Andreas Fink <email@hidden>
- Date: Mon, 25 Feb 2019 15:02:45 +0100
> On 25 Feb 2019, at 14:53, Alexander von Below <email@hidden> wrote:
>
> Hello Networking List,
>
> The setup:
>
> * We are an ISP, and we provide customers with internet access routers.
>
> * On these routers there is a Linux Container (lxc) running a service on an
> nginx.
>
> * The DHCP on the router is providing a hostname for the lxc in the local
> network.
>
> * The nginx has a self-signed certificate
>
> The problem:
>
> When we are accessing the service using NSURLSession using the IP of the lxc,
> the NSURLSessionDelegate's "didReceiveChallenge" is called as expected, and
> we can perform our own challenge handling. This is the expected behaviour.
>
> When we are accessing the service in an identical manner but using the
> _hostname_, the task fails with an error -1200 "An SSL error has occurred and
> a secure connection to the server cannot be made." without ever calling the
> delegate.

If you are talking SSL, then there is always a certificate involved.
If you connect via IP, it is known that the certificate then cannot be checked
and its validation might simply be skipped.
If you connect via hostname, the certificate has to match the hostname and the
certificate can be validated.
My guess is that the certificate's name doesn't match the hostname you use to
connect.
That would logically break irrespective of whether the signature is signed by
a known root or it's self-signed.
_______________________________________________
Macnetworkprog mailing list (email@hidden)
This email sent to email@hidden
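
The name-matching step discussed in this thread, as an added example that is not part of the original messages and is not Apple's implementation: a simplified RFC 6125-style check of the identifier a client connected to (hostname or IP literal) against a certificate's names. The certificate dicts follow the layout of Python's `ssl.SSLSocket.getpeercert()`; the names and addresses in them are constructed for illustration, and the `allow_cn_fallback` switch is an assumption added to show the legacy common-name behaviour.

```python
import ipaddress

def _parse_ip(text):
    """Return an ip_address object, or None when `text` is not an IP literal."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def _dns_match(pattern, host):
    """Compare one DNS name; '*' is accepted only as the entire left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def name_matches(cert, reference, allow_cn_fallback=False):
    """True if `cert` covers the hostname or IP literal the client dialled."""
    sans = cert.get("subjectAltName", ())
    ip = _parse_ip(reference)
    if ip is not None:
        # An IP literal is compared only with iPAddress entries,
        # never with DNS names or the subject common name.
        return any(_parse_ip(v) == ip for kind, v in sans if kind == "IP Address")
    dns_names = [v for kind, v in sans if kind == "DNS"]
    if dns_names:
        return any(_dns_match(d, reference) for d in dns_names)
    if allow_cn_fallback:
        # Legacy behaviour: with no dNSName entries, fall back to the subject CN.
        cns = [v for rdn in cert.get("subject", ()) for k, v in rdn
               if k == "commonName"]
        return any(_dns_match(c, reference) for c in cns)
    return False

# Constructed sample certificates (all names and addresses are made up).
_SUBJECT = ((("commonName", "service.router.example"),),)
CN_ONLY = {"subject": _SUBJECT}
DNS_SAN = {"subject": _SUBJECT,
           "subjectAltName": (("DNS", "service.router.example"),)}
BOTH_SAN = {"subject": _SUBJECT,
            "subjectAltName": (("DNS", "service.router.example"),
                               ("IP Address", "192.168.2.10"))}

if __name__ == "__main__":
    for label, cert in (("CN only", CN_ONLY), ("DNS SAN", DNS_SAN), ("DNS+IP SAN", BOTH_SAN)):
        for ref in ("service.router.example", "lxc.router.example", "192.168.2.10"):
            print(f"{label:11} {ref:24} match={name_matches(cert, ref)}")
```

A certificate that should work for both access paths needs the hostname as a DNS entry and the address as an IP entry in its subject alternative names, as in `BOTH_SAN`.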