• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: NSURLDelegate: Differences between access by hostname or IP
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NSURLDelegate: Differences between access by hostname or IP

  • Subject: Re: NSURLDelegate: Differences between access by hostname or IP
  • From: "Quinn \"The Eskimo!\"" <email@hidden>
  • Date: Mon, 25 Feb 2019 16:40:07 +0000
On 25 Feb 2019, at 13:53, Alexander von Below <email@hidden> wrote:

> What could possibly be the difference between accessing the service via
> hostname or via ip?

You’re most likely being affected by App Transport Security (ATS).  On iOS 10
(and its cohort) and later, ATS is always disabled for IP address connections.
Thus, if you make a connection to an IP address, ATS won’t block it and you’ll
get a server trust authentication challenge.  If you do nothing in response to
that challenge, the connection will fail because the server’s certificate
doesn’t pass default HTTPS server trust evaluation.  However, if you override
that challenge and tell the system to allow the connection, it will go through.

OTOH, if you make a connection to a DNS name, ATS will block that because the
certificate used by the server doesn’t meet ATS’s strict security requirements.

It’s possible that you could use an `NSExceptionDomains` entry to disable ATS
for the DNS name used by your server.  Once you do that, you can catch the
server trust authentication challenge and override trust evaluation as
discussed above.  However, this may not be possible depending on the exact DNS
name format used by your server.  See the “NSAppTransportSecurity” section of
the “Information Property List Key Reference” for details.

<https://developer.apple.com/library/content/documentation/General/Reference/InfoPlistKeyReference/Articles/CocoaKeys.html#//apple_ref/doc/uid/TP40009251-SW33>

Share and Enjoy
--
Quinn "The Eskimo!"                    <http://www.apple.com/developer/>
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
References: 
 >NSURLDelegate: Differences between access by hostname or IP (From: Alexander von Below <email@hidden>)

  • Prev by Date: Re: NSURLDelegate: Differences between access by hostname or IP
  • Previous by thread: Re: NSURLDelegate: Differences between access by hostname or IP
  • Index(es):
    • Date
    • Thread