What is the reason of kSecTrustResultRecoverableTrustFailure?

by

It may be a server certificate problem….

Check here, I solved my kSecTrustResultRecoverableTrustFailure problem, adding subjectAltName = DNS:example.com into openssl config file, specifically in server key generation…

If you are not using openssl to generate it, I’m sorry but I can help you.. Anyway if you want to use openssl, here is a good tutorial to generate those keys and sign then with your own root certificate authority.

From this tutorial, I just changed my openssl server config file to: 

    [ server ]
    basicConstraints = critical,CA:FALSE
    keyUsage = digitalSignature, keyEncipherment, dataEncipherment
    extendedKeyUsage = serverAuth
    nsCertType = server
    subjectAltName = IP:10.0.1.5,DNS:office.totendev.com

Hope it helps !

EDITED:

My Server evaluation code:

#pragma mark - SERVER Auth Helper
//Validate server certificate with challenge
+ (BOOL)validateServerWithChallenge:(NSURLAuthenticationChallenge *)challenge {
//Get server trust management object a set anchor objects to validate it
SecTrustSetAnchorCertificates([challenge.protectionSpace serverTrust], (__bridge CFArrayRef)[self allowedCAcertificates]);
//Set to server trust management object to JUST ALLOW those anchor objects assigned to it (ABOVE), and disable apple CA trusts 
SecTrustSetAnchorCertificatesOnly([challenge.protectionSpace serverTrust], YES);
//Try to evalute it
SecTrustResultType evaluateResult = kSecTrustResultInvalid; //evaluate result
OSStatus sanityCheck = SecTrustEvaluate([challenge.protectionSpace serverTrust], &evaluateResult);
//Check for no evaluate error
if (sanityCheck == noErr) {
    //Check for result
    if ([[self class] validateTrustResult:evaluateResult]) { return YES ; }
}
//deny!
return NO ;
}
//Validate SecTrustResulType
+ (BOOL)validateTrustResult:(SecTrustResultType)result {
switch (result) {
    case kSecTrustResultProceed: { TDLog(kLogLevelHandshake,nil,@"kSecTrustResultProceed"); return YES ; }
        break;
    case kSecTrustResultConfirm: { TDLog(kLogLevelHandshake,nil,@"kSecTrustResultConfirm"); return YES ; }
        break;
    case kSecTrustResultUnspecified: { TDLog(kLogLevelHandshake,nil,@"kSecTrustResultUnspecified"); return YES ; }
        break;
    case kSecTrustResultDeny: { TDLog(kLogLevelHandshake,nil,@"kSecTrustResultDeny"); return YES ; }
        break;
    case kSecTrustResultFatalTrustFailure: { TDLog(kLogLevelHandshake,nil,@"kSecTrustResultFatalTrustFailure"); return NO ; }
        break;
    case kSecTrustResultInvalid: { TDLog(kLogLevelHandshake,nil,@"kSecTrustResultInvalid"); return NO ; }
        break;
    case kSecTrustResultOtherError: { TDLog(kLogLevelHandshake,nil,@"kSecTrustResultOtherError"); return NO ; }
        break;
    case kSecTrustResultRecoverableTrustFailure: { TDLog(kLogLevelHandshake,nil,@"kSecTrustResultRecoverableTrustFailure"); return NO ; }
        break;
    default: { TDLog(kLogLevelHandshake,nil,@"unkown certificate evaluate result type! denying..."); return NO ; }
        break;
}

}

Hope now it helps 🙂 !

More Related Contents:

  1. is possible to convert soap web services to xml format? [closed]
  2. How do I avoid capturing self in blocks when implementing an API?
  3. Why would you use an ivar?
  4. iOS: Compare two dates
  5. symbol(s) not found for architecture i386
  6. Why shouldn’t I subclass a UIButton?
  7. Capturing touches on a subview outside the frame of its superview using hitTest:withEvent:
  8. Xcode 4 “Clean” vs. “Clean Build Folder”
  9. Best practice using NSLocalizedString
  10. iOS AVFoundation: How do I fetch artwork from an mp3 file?
  11. UIButton events. What’s the difference?
  12. applicationMusicPlayer volume notification
  13. Is it possible to set a cookie manually using sharedHTTPCookieStorage for a UIWebView?
  14. ‘+entityForName: nil is not a legal NSManagedObjectContext parameter – Core Data
  15. Play Audio iOS Objective-C
  16. PBKDF2 using CommonCrypto on iOS
  17. UITextField subview of UITableViewCell, get indexPath of cell
  18. Manually loading a different localized nib in iOs
  19. How to identify previous view controller in navigation stack
  20. Current view controller from AppDelegate?
  21. iPhone – Differences among time zone convenience methods
  22. Making some code only run once
  23. Objective C: How to create a multi-line UITextField? [duplicate]
  24. Handle invalid accessToken with FBSession openActiveSessionWithReadPermissions in Facebook iOS 3.1.1 SDK
  25. Asynchronous NSURLConnection with NSOperation
  26. Application windows are expected to have a root view controller at the end of application launch warning
  27. Twitter Framework for ios6 how to login through settings from app
  28. Weird error message in Xcode 4.3 with LLDB
  29. Objective C: Send email without leaving app
  30. How to retrieve the most recent photo from Camera Roll on iOS?

Leave a Comment