How to cancel a persistent connection using NSURLConnection?

转载 2013年12月05日 14:37:52

转自:http://stackoverflow.com/questions/13369386/how-to-cancel-a-persistent-connection-using-nsurlconnection


Is it possible to destroy a persistent connection that has been created with NSURLConnection? I need to be able to destroy the persistent connection and do another SSL handshake.

As it is now, calling [conn cancel] leaves a persistent connection behind that gets used with the next connection request to that host, which I don't want to happen.

----------------------------------------


As it turns out, I believe the Secure Transport TLS session cache is to blame.

I also asked the question on the apple developer forums, and got a response from an Apple person. He pointed me to this Apple sample code readme where it says:

At the bottom of the TLS stack on both iOS and Mac OS X is a component known as Secure Transport. Secure Transport maintains a per-process TLS session cache. When you connect via TLS, the cache stores information about the TLS negotiation so that subsequent connections can connect more quickly. The on-the-wire mechanism is described at the link below.

http://en.wikipedia.org/wiki/Transport_Layer_Security#Resumed_TLS_handshake

This presents some interesting gotchas, especially while you're debugging. For example, consider the following sequence:

  1. You use the Debug tab to set the TLS Server Validation to Disabled.

  2. You connect to a site with a self-signed identity. The connection succeeds because you've disabled TLS server trust validation. This adds an entry to the Secure Transport TLS session cache.

  3. You use the Debug tab to set the TLS Server Validation to Default.

  4. You immediately connect to the same site as you did in step 2. This should fail, because of the change in server trust validation policy, but it succeeds because you never receive an NSURLAuthenticationMethodServerTrust challenge. Under the covers, Secure Transport has resumed the TLS session, which means that the challenge never bubbles up to your level.

  5. On the other hand, if you delay for 11 minutes between steps 3 and 4, things work as expected (well, fail as expected :-). This is because Secure Transport's TLS session cache has a timeout of 10 minutes.

In the real world this isn't a huge problem, but it can be very confusing during debugging. There's no programmatic way to clear the Secure Transport TLS session cache but, as the cache is per-process, you can avoid this problem during debugging by simply quitting and relaunching your application. Remember that, starting with iOS 4, pressing the Home button does not necessarily quit your application. Instead, you should use quit the application from the recent applications list.

So, based on that, a user would have to either kill their app and restart it or wait more than 10 minutes before sending another request.

I did another google search with this new information and found this Apple technical Q&A article that matches this problem exactly. Near the bottom, it mentions adding a trailing '.' to domain names (and hopefully IP addresses) for requests in order to force a TLS session cache miss (if you can't modify the server in some way, which I can't), so I am going to try this and hopefully it will work. I will post my findings after I test it.

### EDIT ###

I tested adding a '.' to the end of the ip address, and the request was still completed successfully.

But I was thinking about the problem in general, and there's really no reason to force another SSL handshake. In my case, the solution to this problem is to keep a copy of the last known SecCertificateRef that was returned from the server. When making another request to the server, if a cached TLS session is used (connection:didReceiveAuthenticationChallenge: was not called), we know that the saved SecCertificateRef is still valid. If connection:didReceiveAuthenticationChallenge: is called, we can get the new SecCertificateRef at that time.


相关文章推荐

How to Make an HTTP Connection Using TCP/IP with RSocket

Reviewer Approved     The following code shows how to make an HTTP connection using a TCP/IP wit...

Core Data Versioning How to migrate your Core Data persistent store

Core Data Versioning How to migrate your Core Data persistent store by Marcus S. Zarra Introductio...
  • ch_soft
  • ch_soft
  • 2011年08月10日 10:01
  • 1423

Connection to Auxilary using connect string failed with ORA-12528 [ID 419440.1]

Connection to Auxilary using connect string failed with ORA-12528 [ID 419440.1] Modified 15-FEB-2011...

using the Connector/J connection property 'autoReconnect=true' to avoid this problem.

日志:using the Connector/J connection property 'autoReconnect=true' to avoid this problem.   \ 订阅 ...
  • zljjava
  • zljjava
  • 2012年09月19日 15:01
  • 10722

How to known Android data connection reset? (socket side)

近日解决了一个问题,就是当移动数据连接突然断开或手机进入到了飞行模式,youtube在线播放视频并没有提示用户当前网络不可用。其实大部分的Android应用在数据连接断开后或者手机进入飞行模式都会收到...

How to keep CoreBluetooth connection alive between views

How to keep CoreBluetooth connection alive between views asked by Simon Bøgh on Jan 11 2016 23:05...

How to configure SSL +External connection for IBM TDS6.2 LDAP server

Before you start to do those configuration, you should prepare some tools. 1.Tools ikeyman from ...

如何关闭Golang中的HTTP连接 How to Close Golang's HTTP connection

(我自己也碰到过这个问题。做过一段时间爬虫。如果要访问的网页是离散的,大量的。如果不尽早的关闭连接,会导致路由器的连接数大量超标。可能好一点的路由器可承受2万/3万,甚至6万8万的连接数,但是一个网页...

CentOS7: How to resolve curl#56 - "Recv failure: Connection reset by peer"

Issue: When you execute Yum installation or update, you may encounter following error: Loaded plugin...

How to configure the C3P0 connection pool in Hibernate

Connection PoolConnection pool is good for performance, as it prevents Java application create a con...
内容举报
返回顶部
收藏助手
不良信息举报
您举报文章:How to cancel a persistent connection using NSURLConnection?
举报原因:
原因补充:

(最多只允许输入30个字)