iOS SSL twimg Error

ios
fabric
ats
ssl

#1

Seeing this error with user thumbnail images, using the latest Fabric with Twitter 2.2.0. It doesn’t happen all the time, but enough to be noticeable. I know I could bypass the ATS, but that’s being deprecated so isn’t an ideal solution.

NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9802) 2016-06-20 11:54:03.525 NextMetro[14928:2354743] [TwitterKit] did encounter error with message "Failed to load image.": Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0x7f90fb011960>, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9802, NSErrorPeerCertificateChainKey=<CFArray 0x7f90f8cd6dd0 [0x10a5fca40]>{type = immutable, count = 4, values = ( 0 : <cert(0x7f90fb203f30) s: *.twimg.com i: DigiCert High Assurance CA-3> 1 : <cert(0x7f90fb2044f0) s: DigiCert High Assurance CA-3 i: DigiCert High Assurance EV Root CA> 2 : <cert(0x7f90fb047130) s: DigiCert High Assurance EV Root CA i: Baltimore CyberTrust Root> 3 : <cert(0x7f90fb046c80) s: Baltimore CyberTrust Root i: Baltimore CyberTrust Root> )}, NSUnderlyingError=0x7f90fb204a70 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x7f90fb011960>, _kCFNetworkCFStreamSSLErrorOriginalValue=-9802, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9802, kCFStreamPropertySSLPeerCertificates=<CFArray 0x7f90f8cd6dd0 [0x10a5fca40]>{type = immutable, count = 4, values = ( 0 : <cert(0x7f90fb203f30) s: *.twimg.com i: DigiCert High Assurance CA-3> 1 : <cert(0x7f90fb2044f0) s: DigiCert High Assurance CA-3 i: DigiCert High Assurance EV Root CA> 2 : <cert(0x7f90fb047130) s: DigiCert High Assurance EV Root CA i: Baltimore CyberTrust Root> 3 : <cert(0x7f90fb046c80) s: Baltimore CyberTrust Root i: Baltimore CyberTrust Root> )}}}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https://pbs.twimg.com/profile_images/458541365966561280/oG2Y48UT_reasonably_small.jpeg, NSErrorFailingURLStringKey=https://pbs.twimg.com/profile_images/458541365966561280/oG2Y48UT_reasonably_small.jpeg, NSErrorClientCertificateStateKey=0} 2016-06-20 11:54:03.526 NextMetro[14928:2354743] [TwitterKit] Could not load image: Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0x7f90fb011960>, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9802, NSErrorPeerCertificateChainKey=<CFArray 0x7f90f8cd6dd0 [0x10a5fca40]>{type = immutable, count = 4, values = ( 0 : <cert(0x7f90fb203f30) s: *.twimg.com i: DigiCert High Assurance CA-3> 1 : <cert(0x7f90fb2044f0) s: DigiCert High Assurance CA-3 i: DigiCert High Assurance EV Root CA> 2 : <cert(0x7f90fb047130) s: DigiCert High Assurance EV Root CA i: Baltimore CyberTrust Root> 3 : <cert(0x7f90fb046c80) s: Baltimore CyberTrust Root i: Baltimore CyberTrust Root> )}, NSUnderlyingError=0x7f90fb204a70 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x7f90fb011960>, _kCFNetworkCFStreamSSLErrorOriginalValue=-9802, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9802, kCFStreamPropertySSLPeerCertificates=<CFArray 0x7f90f8cd6dd0 [0x10a5fca40]>{type = immutable, count = 4, values = ( 0 : <cert(0x7f90fb203f30) s: *.twimg.com i: DigiCert High Assurance CA-3> 1 : <cert(0x7f90fb2044f0) s: DigiCert High Assurance CA-3 i: DigiCert High Assurance EV Root CA> 2 : <cert(0x7f90fb047130) s: DigiCert High Assurance EV Root CA i: Baltimore CyberTrust Root> 3 : <cert(0x7f90fb046c80) s: Baltimore CyberTrust Root i: Baltimore CyberTrust Root> )}}}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https://pbs.twimg.com/profile_images/458541365966561280/oG2Y48UT_reasonably_small.jpeg, NSErrorFailingURLStringKey=https://pbs.twimg.com/profile_images/458541365966561280/oG2Y48UT_reasonably_small.jpeg, NSErrorClientCertificateStateKey=0}


#2

Thanks for reaching out on this @fluidpixel, is it always happening on specific tweets or timelines or just randomly? Any more details on how or when this is happening would be helpful.


#3

Interesting to see this. I have been getting this error too for some time.

It happens regardless of whether one uses the TWTRTimelineController or load tweets one-by-one into cells. It only happens sometimes, so it is hard to track down the error. When filling a view, it will occur for only a few or even all of the images. Re-building or reloading the view fixes the problem only sometimes.

One thought I had was that perhaps there is a problem with authorization. In my AppDelegate.swift I use the default public view instead of a specific API key.

import UIKit
import Fabric
import TwitterKit


@UIApplicationMain
class AppDelegate: UIResponder, UIApplicationDelegate {

    var window: UIWindow?


    func application(application: UIApplication, didFinishLaunchingWithOptions launchOptions: [NSObject: AnyObject]?) -> Bool {
        // Override point for customization after application launch.
        Fabric.with([Twitter.self])
        return true
    }
 ....

I also thought it might have to do with the internet connection you have and whether it is able to set up a secure enough connection.

No clue though really,
Mike


#4

Hey @wintersRM4 and @fluidpixel,

I’ve been digging into this more and have discovered why this is happening. As a temporary workaround, you’ll need to add pbs.twimg.com as an ATS exception in your app’s info.plist. We’re working on a permanent solution, but more details here: https://twittercommunity.com/t/missing-images-in-twitter-kit-timelines-on-ios-9/58305

-Mike


Twimg.com iOS ATS Support
#5

Yep. That was it. I suggest reading about ATS and exceptions on this page to understand what’s going on:

Then you can just add the following code to your Info.plist file. Seems to fix the issue right away.

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>pbs.twimg.com</key>
        <dict>
            <!--Include to allow subdomains-->
            <key>NSIncludesSubdomains</key>
            <true/>
            <!--Include to allow HTTP requests-->
            <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
            <true/>
            <!--Include to specify minimum TLS version-->
            <key>NSTemporaryExceptionMinimumTLSVersion</key>
            <string>TLSv1.1</string>
        </dict>
    </dict>
</dict>

#6

Thanks for confirming so quickly @wintersRM4 and happy coding!