When we connect to AWS IoT using the wss protocol on iOS version 12.1.1, we are able to connect to IoT successfully, but immediately we see an onError event being triggered from IoT and then the connection gets closed. It tries to reconnect again but without any luck. The error we are getting from IoT is "{IsTrusted : true}". We are not using any certificates, just a profile access key and secret key.
The same build is able to connect properly on iOS 12.0.1 and 12.1.
iOS version: 12.1.1 (not working version)
AWS IoT SDK: 2.0.0
iOS 12.1.1 introduced Apple's new Certificate Transparency policy. From Apple's release notes:
iOS 12.1.1 requires that publicly-trusted Transport Layer Security (TLS) server authentication certificates issued after October 15, 2018 meet the Certificate Transparency policy to be evaluated as trusted on Apple platforms.
This policy is becoming a widespread standard which Google already enforces in its Chrome browser. Amazon knew this was coming and, in response to these new policies, released updates to their MQTT backend (AWS IoT) to include appropriate certification on a new endpoint. See https://aws.amazon.com/blogs/iot/aws-iot-core-ats-endpoints/:
You must explicitly request an Amazon Trust Services endpoint for each region in your account. Any existing customer endpoint you have is most likely a VeriSign endpoint. If your endpoint has “-ats” at the end of the first subdomain, then it is an Amazon Trust Services endpoint. For example, ‘asdfasdf-ats.iot.us-east-2.amazonaws.com’ is an ATS endpoint.
In short, for my iOS App, we were using our AWS provided MQTT endpoint asdfasdf.iot.us-east-2.amazonaws.com (just an example), without the -ats. I updated the endpoint to asdfasdf-ats.iot.us-east-2.amazonaws.com and we were able to accomplish our SSL handshake.
I hope this helps with your issue! Good Luck!
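The endpoint check described in the answer above, as an added example that is not part of the original post: it audits configured AWS IoT endpoints and flags any that lack the "-ats" marker on the first subdomain. The function names and sample list are hypothetical, the hostname pattern is assumed from the example hostname on this page, and the suggested hostname is only a candidate, since the quoted AWS text says the ATS endpoint must be explicitly requested for each region.

```javascript
// Added example (not from the original answer).
// Assumed hostname shape, taken from the page's example:
//   <prefix>[-ats].iot.<region>.amazonaws.com
const IOT_HOST = /^([a-z0-9]+)(-ats)?\.iot\.([a-z0-9-]+)\.amazonaws\.com$/;

// Classify one configured endpoint. Accepts a bare hostname or a full
// URL such as wss://host/mqtt. Returns kind: 'ats' | 'legacy' | 'not-iot' | 'invalid'.
function classifyIotEndpoint(input) {
  let host;
  try {
    const url = new URL(input.includes('://') ? input : `wss://${input}`);
    host = url.hostname.toLowerCase();
  } catch (err) {
    return { input, kind: 'invalid' };
  }
  const m = IOT_HOST.exec(host);
  if (!m) return { input, host, kind: 'not-iot' };
  const [, prefix, ats, region] = m;
  if (ats) return { input, host, kind: 'ats' };
  // Legacy endpoint: build the hostname the ATS endpoint is expected to have.
  // Confirm it against the account before shipping, for example with
  //   aws iot describe-endpoint --endpoint-type iot:Data-ATS
  return {
    input,
    host,
    kind: 'legacy',
    candidate: `${prefix}-ats.iot.${region}.amazonaws.com`,
  };
}

// Return only the entries that still point at a legacy endpoint.
function auditEndpoints(list) {
  return list.map(classifyIotEndpoint).filter((r) => r.kind === 'legacy');
}

// Constructed sample configuration values (not real endpoints).
const SAMPLE = [
  'wss://asdfasdf.iot.us-east-2.amazonaws.com/mqtt',
  'asdfasdf-ats.iot.us-east-2.amazonaws.com',
  'example.com',
];

for (const finding of auditEndpoints(SAMPLE)) {
  console.log(`legacy endpoint ${finding.host}; candidate: ${finding.candidate}`);
}
```

Running the audit as a build or CI step catches a legacy hostname before it reaches a device whose platform enforces Certificate Transparency.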
Source: https://stackoverflow.com/questions/53675028/aws-iot-connection-is-getting-closed-on-ipad-os-v12-1-1