3

I'm using the following project for enabling APNS in my project:

https://github.com/stephenmuss/django-ios-notifications

I'm able to send and receive push notifications on my production app fine, but the sandbox apns is having strange issues which i'm not able to solve. It's constantly not connecting to the push service. When I do manually the _connect() on the APNService or FeedbackService classes, I get the following error:

  File "/Users/MyUser/git/prod/django/ios_notifications/models.py", line 56, in _connect
    self.connection.do_handshake()
Error: [('SSL routines', 'SSL3_READ_BYTES', 'sslv3 alert handshake failure')]

I tried recreating the APN certificate a number of times and constantly get the same error. Is there anything else i'm missing?

I'm using the endpoints gateway.push.apple.com and gateway.sandbox.push.apple.com for connecting to the service. Is there anything else I should look into for this? I have read the following:

Apns php error "Failed to connect to APNS: 110 Connection timed out."

Converting PKCS#12 certificate into PEM using OpenSSL

Error Using PHP for iPhone APNS

Community
  • 1
  • 1
KVISH
  • 12,097
  • 15
  • 79
  • 151
  • did you find the answer? how do you do push notifications with TLS? – liv a Nov 10 '14 at 08:04
  • When you connect to Apple's server, you can select the context to use. Check out the project that I used above for more guidance. That project works and is production ready. – KVISH Nov 10 '14 at 14:01

2 Answers2

5

Turns out Apple changed ssl context from SSL3 to TLSv1 in development. They will do this in Production eventually (not sure when). The following link shows my pull request which was accepted into the above project:

https://github.com/stephenmuss/django-ios-notifications/commit/879d589c032b935ab2921b099fd3286440bc174e

Basically, use OpenSSL.SSL.TLSv1_METHOD if you're using python or something similar in other languages.

Although OpenSSL.SSL.SSLv3_METHOD works in production, it may not work in the near future. OpenSSL.SSL.TLSv1_METHOD works in production and development.

UPDATE

Apple will remove SSL 3.0 support in production on October 29th, 2014 due to the poodle flaw.

https://developer.apple.com/news/?id=10222014a

KVISH
  • 12,097
  • 15
  • 79
  • 151
  • For those who are using apns-client: there's currently an open pull request for fixing this issue https://bitbucket.org/sardarnl/apns-client/pull-request/10/apple-sandbox-gateway-stopped-supporting/diff – lekksi Oct 09 '14 at 08:23
-1

I have worked on APN using python-django, for this you need three things URL, PORT and Certificate provided by Apple for authentication.

views.py

import socket, ssl, json, struct

theCertfile = '/tmp/abc.cert'      ## absolute path where certificate file is placed.
ios_url = 'gateway.push.apple.com'
ios_port = 2195
deviceToken = '3234t54tgwg34g'    ## ios device token to which you want to send notification

def ios_push(msg, theCertfile, ios_url, ios_port, deviceToken):

    thePayLoad = {
               'aps': {
                    'alert':msg,
                    'sound':'default',
                    'badge':0,
                    },
             }

    theHost = ( ios_url, ios_port )
    data = json.dumps( thePayLoad )

    deviceToken = deviceToken.replace(' ','')
    byteToken = deviceToken.decode('hex') # Python 2

    theFormat = '!BH32sH%ds' % len(data)
    theNotification = struct.pack( theFormat, 0, 32, byteToken, len(data), data )

    # Create our connection using the certfile saved locally
    ssl_sock = ssl.wrap_socket( socket.socket( socket.AF_INET, socket.SOCK_STREAM ), certfile = theCertfile )
    ssl_sock.connect( theHost )

    # Write out our data
    ssl_sock.write( theNotification )

    # Close the connection -- apple would prefer that we keep
    # a connection open and push data as needed.
    ssl_sock.close()

Hopefully this would work for you.

Sanchit Bansal
  • 59
  • 1
  • 6
  • 1
    This code works, but its not the answer. The reason is that for development you have to now use `TLS` not `SSL3`. `SSL3` still works in production but will be removed in near future. – KVISH Oct 08 '14 at 19:36