connectInternetReader throws certificate error on IOS in dev build

[inzqne]

Describe the bug
When attempting to connect to the Stripe S700 reader through connectInternetReader it throws this error:
{"code": "Unknown", "message": "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “192.168. (redacted local IP)” which could put your confidential information at risk."}

To Reproduce
Steps to reproduce the behavior:

• Attempt to use connectInternetReader in an IOS dev build to an internet-enabled reader

Expected behavior
It connects successfully

Stripe Terminal React Native SDK version

^0.0.1-beta.16
with an Expo Dev Build

Smartphone:

• Device: iPhone 13 Pro
• OS: iOS 17.6.1

[mindy-stripe]

Hi @inzqne, thanks for your report. This message sounds like it could be a local networking issue, are you able to reproduce when connected to a different network (eg. different Wifi, mobile hotspot)?

You can reference this guide for troubleshooting reader connection issues: https://support.stripe.com/questions/the-stripe-terminal-javascript-sdk-is-encountering-dns-errors-when-connecting-to-an-internet-reader

If this is still reproducible, can you provide some more information about your setup? Reader serial numbers, timestamps of when this issue occurred would be helpful. Thanks!

[inzqne]

Hi @inzqne, thanks for your report. This message sounds like it could be a local networking issue, are you able to reproduce when connected to a different network (eg. different Wifi, mobile hotspot)?

You can reference this guide for troubleshooting reader connection issues: https://support.stripe.com/questions/the-stripe-terminal-javascript-sdk-is-encountering-dns-errors-when-connecting-to-an-internet-reader

If this is still reproducible, can you provide some more information about your setup? Reader serial numbers, timestamps of when this issue occurred would be helpful. Thanks!

Hi @mindy-stripe, I was able to reproduce the same issue on mobile hotspot. It seems to be some security-level issue but not really sure what is causing it. I also ran the network health check on the terminal and it said the connection was healthy.

Serial Number: STR70Z1C411006425
Timestamp: 6:52 PM PST

[JulleR]

Hi!. We're having the same issue with connecting to BBPOS WisePOS E from iOS debug builds. Release builds work, and Android debug builds work too. All running on the same Macbook so it's probably not a networking issue.

Calling connectInternetReader leads to this error in Xcode logs:

Task <AF188A1F-385C-4BDE-9867-4E73E35F988D>.<1> finished with error [-1202] Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “192.168.10.187” which could put your confidential information at risk." UserInfo={NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, NSErrorPeerCertificateChainKey=(
    "<cert(0x11683b800) s: *.<random stuff>.device.stripe-terminal-local-reader.net i: R11>",
    "<cert(0x11683c000) s: R11 i: ISRG Root X1>"
), NSErrorClientCertificateStateKey=0, NSErrorFailingURLKey=https://192.168.10.187:4443/protojsonservice/JackRabbitService, NSErrorFailingURLStringKey=https://192.168.10.187:4443/protojsonservice/JackRabbitService, NSUnderlyingError=0x30376a430 {Error Domain=kCFErrorDomainCFNetwork Code=-1202 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x30099c320>, _kCFNetworkCFStreamSSLErrorOriginalValue=-9843, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9843, kCFStreamPropertySSLPeerCertificates=(
    "<cert(0x11683b800) s: *.<random stuff>.device.stripe-terminal-local-reader.net i: R11>",
    "<cert(0x11683c000) s: R11 i: ISRG Root X1>"
)}}, _NSURLErrorRelatedURLSessionTaskErrorKey=(
    "LocalDataTask <AF188A1F-385C-4BDE-9867-4E73E35F988D>.<1>",
    "LocalDataTask <053064BE-B1B0-4020-9B20-EB104C891BB8>.<17>"
), _kCFStreamErrorCodeKey=-9843, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <AF188A1F-385C-4BDE-9867-4E73E35F988D>.<1>, NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0x30099c320>, NSLocalizedDescription=The certificate for this server is invalid. You might be connecting to a server that is pretending to be “192.168.10.187” which could put your confidential information at risk.}

The same happens on both simulator (iPad with iOS 17.5) and on device (iPad Pro 11" with iPadOS 17.7 and 18.0.1)

Checking the certificate with OpenSSL, openssl s_client -connect 192.168.10.187:4443 didn't show anything peculiar to me.

WisePOS
Firmware: 5.00.01.26
Config version: SZZZ_FI_v3
Updater and reader: 2.26.5.0

Dev env
Expo 51.0.38
React Native 0.74.5
@stripe/stripe-react-native: 0.37.2,
@stripe/stripe-terminal-react-native: 0.0.1-beta.22

[JulleR]

The cause of our problem was expo-dev-client. I removed it and iOS debug build could connect to the terminal just fine. This comment helped to figure that out expo/expo#24096 (comment)

[inzqne]

The cause of our problem was expo-dev-client. I removed it and iOS debug build could connect to the terminal just fine. This comment helped to figure that out expo/expo#24096 (comment)

Good to know for the future. I ended up just using the server-side SDK and I found that to be much simpler, but not for operations like collecting inputs on the reader though (no async).