Hi Dev Forums and Quinn "The Eskimo!",
Short version
Is there sample NWConnection code available that behaves in a similar way to the higher level URLSession and URLRequest APIs?
Long version
My understanding from morning googling is that there is no way to make a TLS handshake happy using URLSession + URLRequest with an IP instead of FQDN.
I wonder if you could offer some guidance. I have a Swift SDK that makes API requests to my service. Two major internet providers (Comcast and Spectrum) have, for reasons unknown, no A records for my api subdomain. You can see screenshots of dig commands here [1].
I have tried setting the TTL of the DNS records to be super short, and also enabled DNSSEC through Cloudflare's dashboard, thinking someone was doing DNS poisoning. Yet the problem persists in pockets.
On to my Great Idea. I want to cut out the ISP resolvers entirely as a source of problems, and instead have my SDK make a DNS over HTTPS call to Cloudflare [2].
This brings about a new challenge. I can get two IPs from the call (these are IPs of my AWS Global Accelerator listener), but how do I use them? My first attempt was to throw them into the URL as https://\(IP)/my/path, and my second attempt was to add request.addValue("api.aiproxy.pro", forHTTPHeaderField: "Host"). Both produce:
An SSL error has occurred and a secure connection to the server cannot be made.
<snip>
NSErrorPeerCertificateChainKey=(
"<cert(0x11280a200) s: api.aiproxy.pro i: E5>",
"<cert(0x11280aa00) s: E5 i: ISRG Root X1>"
)
<snip>
NSURLErrorFailingURLPeerTrustErrorKey
From searching around, it looks like I need to drop to the Network framework and use sec_protocol_options_set_tls_server_name.
Two questions:
- Is there a full working sample that I can start from instead of chipping my way through this?
- Is this a fool's errand?
Thank you!
Lou Zell
[1] https://x.com/louzell_/status/1909791070265000346
[2] https://developers.cloudflare.com/1.1.1.1/encryption/dns-over-https
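The NWConnection pattern the question is asking about, as an added example (this is not code from the original post, from the AIProxy SDK, or from Apple's samples). It connects to a literal IP address but hands the real hostname to TLS via sec_protocol_options_set_tls_server_name, which sets the SNI extension and the name the peer certificate is validated against; certificate checking stays fully on, so a server presenting a chain for a different name is still rejected. The function name fetchOverTLS, the TEST-NET address 203.0.113.10 and the path are placeholders for the address returned by the DoH lookup; it assumes an HTTP/1.1 origin and reads until the server closes the connection (hence Connection: close).

```swift
import Foundation
import Network

/// Added example: TLS to a fixed IP while presenting (and validating against)
/// the real hostname. `ip` would be one of the addresses returned by DoH.
func fetchOverTLS(ip: String, serverName: String, path: String,
                  queue: DispatchQueue = .global(),
                  completion: @escaping (Result<Data, Error>) -> Void) {
    // SNI and hostname validation use `serverName`, not the IP we dial.
    let tls = NWProtocolTLS.Options()
    sec_protocol_options_set_tls_server_name(tls.securityProtocolOptions, serverName)
    // Negotiate HTTP/1.1 via ALPN so the origin does not expect h2 framing.
    sec_protocol_options_add_tls_application_protocol(tls.securityProtocolOptions, "http/1.1")

    let params = NWParameters(tls: tls)
    let conn = NWConnection(host: NWEndpoint.Host(ip), port: 443, using: params)

    var received = Data()

    // Keep reading until the peer signals EOF (isComplete) or errors out.
    func readLoop() {
        conn.receive(minimumIncompleteLength: 1, maximumLength: 64 * 1024) { data, _, isComplete, error in
            if let data = data { received.append(data) }
            if let error = error {
                conn.cancel()
                completion(.failure(error))
                return
            }
            if isComplete {
                conn.cancel()
                completion(.success(received))
            } else {
                readLoop()
            }
        }
    }

    conn.stateUpdateHandler = { state in
        switch state {
        case .ready:
            // HTTP/1.1 requires Host; it must carry the real name, not the IP.
            let request = "GET \(path) HTTP/1.1\r\nHost: \(serverName)\r\nConnection: close\r\n\r\n"
            conn.send(content: Data(request.utf8), completion: .contentProcessed { error in
                if let error = error {
                    conn.cancel()
                    completion(.failure(error))
                } else {
                    readLoop()
                }
            })
        case .failed(let error):
            conn.cancel()
            completion(.failure(error))
        case .waiting(let error):
            // No viable path yet (e.g. offline); Network will retry when one appears.
            print("waiting:", error)
        default:
            break
        }
    }
    conn.start(queue: queue)
}

// Usage from a command-line tool. 203.0.113.10 is a placeholder (TEST-NET);
// substitute an address from the DoH answer.
fetchOverTLS(ip: "203.0.113.10", serverName: "api.aiproxy.pro", path: "/my/path") { result in
    switch result {
    case .success(let data):
        print(String(decoding: data, as: UTF8.self))
    case .failure(let error):
        print("request failed:", error)
    }
    exit(0)
}
dispatchMain()
```

Two things to check when adapting this: the Host header and the TLS server name should both be the real hostname, since a mismatch between them is exactly what produced the NSURLErrorFailingURLPeerTrustErrorKey failure in the post; and if the server returns a chain for a different name (for example a shared listener that routes by SNI), the connection will fail with a trust error rather than silently proceeding, which is the behaviour you want.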