On 25 Feb 2019, at 13:53, Alexander von Below <be...@mac.com> wrote:
> What could possibly be the difference between accessing the service via > hostname or via ip? You’re most likely being affected by App Transport Security (ATS). On iOS 10 (and its cohort) and later, ATS is always disabled for IP address connections. Thus, if you make a connection to an IP address, ATS won’t block it and you’ll get a server trust authentication challenge. If you do nothing in response to that challenge, the connection will fail because the server’s certificate doesn’t pass default HTTPS server trust evaluation. However, if you override that challenge and tell the system to allow the connection, it will go through. OTOH, if you make a connection to a DNS name, ATS will block that because the certificate used by the server doesn’t meet ATS’s strict security requirements. It’s possible that you could use an `NSExceptionDomains` entry to disable ATS for the DNS name used by your server. Once you do that, you can catch the server trust authentication challenge and override trust evaluation as discussed above. However, this may not be possible depending on the exact DNS name format used by your server. See the “NSAppTransportSecurity” section of the “Information Property List Key Reference” for details. <https://developer.apple.com/library/content/documentation/General/Reference/InfoPlistKeyReference/Articles/CocoaKeys.html#//apple_ref/doc/uid/TP40009251-SW33> Share and Enjoy -- Quinn "The Eskimo!" <http://www.apple.com/developer/> Apple Developer Relations, Developer Technical Support, Core OS/Hardware _______________________________________________ Do not post admin requests to the list. They will be ignored. Macnetworkprog mailing list (Macnetworkprog@lists.apple.com) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/macnetworkprog/archive%40mail-archive.com This email sent to arch...@mail-archive.com
