iOS 5より新たにSecurity.frameworkというフレームワークが追加されました。このフレームワークはAppleが実装したSSL/TLS用のライブラリで、iOS 5よりCFNetwork系のクラス(NSURLConnectionなどの内部実装にも使われています)のSSL/TLS通信時に使われるようになったみたいです。
http://developer.apple.com/library/ios/#releasenotes/General/WhatsNewIniPhoneOS/Articles/iOS5.html の一番下にちょこっとだけ説明があるので、見てみると、
Security
The Security framework (Security.framework) now includes the Secure Transport interfaces, which are Apple’s implementation of the SSL/TLS protocols. You can use these interfaces to configure and manage SSL sessions, manage ciphers, and manage certificates.
For information about the Secure Transport interfaces, see the SecureTransport.h header file of the Security framework.
うむ、ドキュメント無いからヘッダ読めとはなかなか適当ですね。
普通にアプリを作っている最中にこのSecurity.frameworkを直接触る必要は全くないのですが、問題はこのSecurity.frameworkを使っているAppleのframeworkが通信時にSSL/TLS絡みのエラーを吐いたときに発生します。このとき、それらのフレームワークは以下のようなNSErrorを返してきます。
Error Domain=NSOSStatusErrorDomain Code=-9830 "The operation couldn’t be completed. (OSStatus error -9830.)
NSErrorの読み方はErrorDomainに指定されている文字列に応じてエラー番号が定義されているドキュメント/ヘッダファイルを見るというものなのですが、このNSErrorはNSOSStatusErrorDomainのErrorDomainを指定しているにも関わらず
<CarbonCore/MacErrors.h>にエラー番号の定義が全く書いていないのです!
色々原因を調べた結果、以下のQ&Aが見当たりました。
http://developer.apple.com/library/mac/#qa/qa1499/_index.html
どうやらSecurity.framework絡みのエラーはNSOSStatusErrorDomainを使っているがMacErrors.hではなく<Security/SecureTransport.h>などに定義が書いてあるみたいなのです。見てみると・・・
/*************************************************
*** OSStatus values unique to SecureTransport ***
*************************************************/
/*
Note: the comments that appear after these errors are used to create SecErrorMessages.strings.
The comments must not be multi-line, and should be in a form meaningful to an end user. If
a different or additional comment is needed, it can be put in the header doc format, or on a
line that does not start with errZZZ.
*/
enum {
errSSLProtocol = -9800, /* SSL protocol error */
errSSLNegotiation = -9801, /* Cipher Suite negotiation failure */
errSSLFatalAlert = -9802, /* Fatal alert */
errSSLWouldBlock = -9803, /* I/O would block (not fatal) */
errSSLSessionNotFound = -9804, /* attempt to restore an unknown session */
errSSLClosedGraceful = -9805, /* connection closed gracefully */
errSSLClosedAbort = -9806, /* connection closed via error */
errSSLXCertChainInvalid = -9807, /* invalid certificate chain */
errSSLBadCert = -9808, /* bad certificate format */
errSSLCrypto = -9809, /* underlying cryptographic error */
errSSLInternal = -9810, /* Internal error */
errSSLModuleAttach = -9811, /* module attach failure */
errSSLUnknownRootCert = -9812, /* valid cert chain, untrusted root */
errSSLNoRootCert = -9813, /* cert chain not verified by root */
errSSLCertExpired = -9814, /* chain had an expired cert */
errSSLCertNotYetValid = -9815, /* chain had a cert not yet valid */
errSSLClosedNoNotify = -9816, /* server closed session with no notification */
errSSLBufferOverflow = -9817, /* insufficient buffer provided */
errSSLBadCipherSuite = -9818, /* bad SSLCipherSuite */
/* fatal errors detected by peer */
errSSLPeerUnexpectedMsg = -9819, /* unexpected message received */
errSSLPeerBadRecordMac = -9820, /* bad MAC */
errSSLPeerDecryptionFail = -9821, /* decryption failed */
errSSLPeerRecordOverflow = -9822, /* record overflow */
errSSLPeerDecompressFail = -9823, /* decompression failure */
errSSLPeerHandshakeFail = -9824, /* handshake failure */
errSSLPeerBadCert = -9825, /* misc. bad certificate */
errSSLPeerUnsupportedCert = -9826, /* bad unsupported cert format */
errSSLPeerCertRevoked = -9827, /* certificate revoked */
errSSLPeerCertExpired = -9828, /* certificate expired */
errSSLPeerCertUnknown = -9829, /* unknown certificate */
errSSLIllegalParam = -9830, /* illegal parameter */
errSSLPeerUnknownCA = -9831, /* unknown Cert Authority */
errSSLPeerAccessDenied = -9832, /* access denied */
errSSLPeerDecodeError = -9833, /* decoding error */
errSSLPeerDecryptError = -9834, /* decryption error */
errSSLPeerExportRestriction = -9835, /* export restriction */
errSSLPeerProtocolVersion = -9836, /* bad protocol version */
errSSLPeerInsufficientSecurity = -9837, /* insufficient security */
errSSLPeerInternalError = -9838, /* internal error */
errSSLPeerUserCancelled = -9839, /* user canceled */
errSSLPeerNoRenegotiation = -9840, /* no renegotiation allowed */
/* non-fatal result codes */
errSSLPeerAuthCompleted = -9841, /* peer cert is valid, or was ignored if verification disabled*/
errSSLClientCertRequested = -9842, /* server has requested a client cert */
/* more errors detected by us */
errSSLHostNameMismatch = -9843, /* peer host name mismatch */
errSSLConnectionRefused = -9844, /* peer dropped connection before responding */
errSSLDecryptionFail = -9845, /* decryption failure */
errSSLBadRecordMac = -9846, /* bad MAC */
errSSLRecordOverflow = -9847, /* record overflow */
errSSLBadConfiguration = -9848, /* configuration error */
errSSLLast = -9849, /* end of range, to be deleted */
/* DEPRECATED aliases for errSSLPeerAuthCompleted */
errSSLServerAuthCompleted = -9841, /* server cert is valid, or was ignored if verification disabled DEPRECATED */
errSSLClientAuthCompleted = -9841, /* client cert is valid, or was ignored if verification disabled; reusing error as you can only be client or server - DEPRECATED */
};
ばっちり書いてますね。これでエラーの原因も特定できます。今回のケースはerrSSLIllegalParamだったみたいですね。