Error while trying to sync via SSL

Diabolus333 · September 2, 2014, 1:08pm

Hi everyone,

i’m trying to sync my data between an iOS-App and a CB server using the Sync Gateway and I want to use a crypted connection using SSL. This is my config-file, the certificate is a self-signed one:
{
“interface”:":4984",
“adminInterface”:":4985",
“log”:[“REST”,“CRUD”, “REST+”, “HTTP+”],
“SSLCert”:“cert.pem”,
“SSLKey”:“privkey.pem”,
“databases”:{
“couch-bucket”:{
“server”:“http://localhost:8091”,
“bucket”:“couch-bucket”,
“users”: {
“GUEST”: {“disabled”: false, “admin_roles”: [“admin”]},
“Admin”: {“password”: “1234”,“admin_roles”: [“admin”]},
“User”: {“password”: “1234”,“admin_roles”: [“user”]}
},
“roles”: {
“admin”: {“admin_channels”: [“public”,“channelOne”]},
“user”: {“admin_channels”: [“public”]}
},
“sync”:function(doc, oldDoc) { channel(doc.channels); }
}
}
}

Starting the Gateway works fine (synchronization without the SSL params in the Gateway’s config file too). But when i start the synchronization using SSL i got the following error:

The operation couldn’t be completed. (NSURLErrorDomain error -1012.) (error=Error Domain=NSURLErrorDomain Code=-1012 "The operation couldn’t be completed. NSURLErrorDomain error -1012.)" UserInfo=0x14d99e20 { NSErrorFailingURLKey=https://192.168.5.29:4985/couch-bucket/_revs_diff, NSErrorFailingURLStringKey=https://192.168.5.29:4985/couch-bucket/_revs_diff}) CFNetwork SSLHandshake failed (-9807)

So I tried to add the SSL certificate to my app using CBLReplication setAnchorCerts, but I still get the same error.

    NSString *resourcePath = [[NSBundle mainBundle] pathForResource:@"cert" ofType:@"pem"];
    NSData *certData = [NSData dataWithContentsOfFile:resourcePath];
    
    SecCertificateRef certificate = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certData);
    CFArrayRef certs = CFArrayCreate(kCFAllocatorDefault, (const void **) &certificate, 1, NULL);
    // Convert the CFArrayRef to a NSArray
    NSArray *myArray = (__bridge NSArray *)certs;
    [CBLReplication setAnchorCerts:myArray onlyThese:NO];

I hope that anybody can help me

PS: I’m using Couchbase Server 2.2.0, Syncgateway 1.0.2, Couchbase Lite 1.0.1 (with 1.0.2 I got a error on compiling when I try to set the anchor certs) (community editions)

jens · September 2, 2014, 4:25pm

This sounds very much like an SSL cert-checking bug that was fixed in 1.0.2.

Diabolus333 · September 3, 2014, 8:58am

Thanks for your fast reply!

You’re right, there was a bug in 1.0.1. I downloaded the newest version and there was no compile error anymore and the error from yesterday is also gone . Unfortunately it is still not working. I got the error that my certificate seems to be invalid when I try to insert it by code. (installing the certificate on the device directly and not using the code below works, it’s syncing!)

NSString *resourcePath = [[NSBundle mainBundle] pathForResource:@“server_crt” ofType:@“pem”]; NSData *certData = [NSData dataWithContentsOfFile:resourcePath];

SecCertificateRef certificate = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certData);
CFArrayRef certs = CFArrayCreate(kCFAllocatorDefault, (const void **) &certificate, 1, NULL);
// Convert the CFArrayRef to a NSArray
NSArray *myArray = (__bridge NSArray *)certs;
[CBLReplication setAnchorCerts:myArray onlyThese:NO];

jens · September 3, 2014, 4:05pm

Please file a bug report on our issue tracker: https://github.com/couchbase/couchbase-lite-ios/issues/new