Error while trying to sync via SSL

Hi everyone,

I'm trying to sync my data between an iOS app and a CB server using the Sync Gateway, and I want to use an encrypted connection using SSL. This is my config file; the certificate is a self-signed one:

    {
        "interface":":4984",
        "adminInterface":":4985",
        "log":["REST","CRUD", "REST+", "HTTP+"],
        "SSLCert":"cert.pem",
        "SSLKey":"privkey.pem",
        "databases":{
            "couch-bucket":{
                "server":"http://localhost:8091",
                "bucket":"couch-bucket",
                "users": {
                    "GUEST": {"disabled": false, "admin_roles": ["admin"]},
                    "Admin": {"password": "1234","admin_roles": ["admin"]},
                    "User": {"password": "1234","admin_roles": ["user"]}
                },
                "roles": {
                    "admin": {"admin_channels": ["public","channelOne"]},
                    "user": {"admin_channels": ["public"]}
                },
                "sync":`function(doc, oldDoc) {
                    channel(doc.channels);
                }`
            }
        }
    }

Starting the Gateway works fine (synchronization without the SSL params in the Gateway's config file too). But when I start the synchronization using SSL I get the following error:

The operation couldn’t be completed. (NSURLErrorDomain error -1012.) 
(error=Error Domain=NSURLErrorDomain Code=-1012 "The operation couldn’t be completed. 
NSURLErrorDomain error -1012.)" 
UserInfo=0x14d99e20 {
NSErrorFailingURLKey=https://192.168.5.29:4985/couch-bucket/_revs_diff,
NSErrorFailingURLStringKey=https://192.168.5.29:4985/couch-bucket/_revs_diff})
CFNetwork SSLHandshake failed (-9807)

So I tried to add the SSL certificate to my app using CBLReplication setAnchorCerts, but I still get the same error.

    NSString *resourcePath = [[NSBundle mainBundle] pathForResource:@"cert" ofType:@"pem"];
    NSData *certData = [NSData dataWithContentsOfFile:resourcePath];
 
    SecCertificateRef certificate = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certData);
    CFArrayRef certs = CFArrayCreate(kCFAllocatorDefault, (const void **) &certificate, 1, NULL);
    // Convert the CFArrayRef to a NSArray
    NSArray *myArray = (__bridge NSArray *)certs;
    [CBLReplication setAnchorCerts:myArray onlyThese:NO];

I hope that somebody can help me.

PS: I'm using Couchbase Server 2.2.0, Sync Gateway 1.0.2, Couchbase Lite 1.0.1 (with 1.0.2 I got an error when compiling when I try to set the anchor certs) (community editions)

1 Answer

This sounds very much like an SSL cert-checking bug that was fixed in 1.0.2.

Thanks for your fast reply!

You're right, there was a bug in 1.0.1. I downloaded the newest version and there was no compile error anymore, and the error from yesterday is also gone. Unfortunately it is still not working. I got the error that my certificate seems to be invalid when I try to insert it by code. (Installing the certificate on the device directly and not using the code below works, it's syncing!)

    NSString *resourcePath = [[NSBundle mainBundle] pathForResource:@"server_crt" ofType:@"pem"];
    NSData *certData = [NSData dataWithContentsOfFile:resourcePath];
 
    SecCertificateRef certificate = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certData);
    CFArrayRef certs = CFArrayCreate(kCFAllocatorDefault, (const void **) &certificate, 1, NULL);
    // Convert the CFArrayRef to a NSArray
    NSArray *myArray = (__bridge NSArray *)certs;
    [CBLReplication setAnchorCerts:myArray onlyThese:NO];

Please file a bug report on our issue tracker: https://github.com/couchbase/couchbase-lite-ios/issues/new
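
Added example, not part of the original thread and not Couchbase's own code: `SecCertificateCreateWithData` accepts only DER-encoded certificate bytes and returns NULL for anything else, whereas the snippets in the posts above hand it the raw contents of a `.pem` file. The code below decodes the PEM armor to DER and checks for NULL before the anchor is installed; the helper names `DERDataFromPEM` and `InstallAnchorCertFromBundle` are hypothetical, and ARC is assumed as in the posted code.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>
#import <CouchbaseLite/CouchbaseLite.h>   // CBLReplication, as used in the posts

// Hypothetical helper (added example): extract the DER bytes from PEM text.
// PEM is the base64 of the DER certificate between BEGIN/END CERTIFICATE lines.
static NSData *DERDataFromPEM(NSString *pem) {
    NSRange begin = [pem rangeOfString:@"-----BEGIN CERTIFICATE-----"];
    if (begin.location == NSNotFound) return nil;
    NSUInteger start = NSMaxRange(begin);
    NSRange end = [pem rangeOfString:@"-----END CERTIFICATE-----"
                             options:0
                               range:NSMakeRange(start, pem.length - start)];
    if (end.location == NSNotFound) return nil;
    NSString *b64 = [pem substringWithRange:NSMakeRange(start, end.location - start)];
    // Line breaks inside the base64 body are skipped by this option.
    return [[NSData alloc] initWithBase64EncodedString:b64
                                               options:NSDataBase64DecodingIgnoreUnknownCharacters];
}

// Hypothetical helper: load a bundled certificate (PEM or DER) and register it
// as a trust anchor. Returns NO rather than installing a NULL certificate.
static BOOL InstallAnchorCertFromBundle(NSString *name, NSString *type) {
    NSString *path = [[NSBundle mainBundle] pathForResource:name ofType:type];
    NSData *fileData = path ? [NSData dataWithContentsOfFile:path] : nil;
    if (!fileData) return NO;

    // A file that is already DER has no PEM header, so it is used as-is.
    NSString *text = [[NSString alloc] initWithData:fileData encoding:NSUTF8StringEncoding];
    NSData *der = (text ? DERDataFromPEM(text) : nil) ?: fileData;

    SecCertificateRef cert = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)der);
    if (cert == NULL) {
        NSLog(@"%@.%@ is not a DER or PEM X.509 certificate", name, type);
        return NO;
    }
    NSArray *anchors = @[ (__bridge_transfer id)cert ];   // ARC now owns the certificate
    [CBLReplication setAnchorCerts:anchors onlyThese:NO];
    return YES;
}
```

Call `InstallAnchorCertFromBundle(@"server_crt", @"pem")` before starting the replication and treat a `NO` result as a configuration error. Only the certificate belongs in the app bundle; the `privkey.pem` referenced in the Sync Gateway config stays on the server.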