5 Replies Latest reply: Oct 22, 2008 4:18 AM by ajsg@iberiainformatica.es
digitalbeing Level 1 Level 1 (0 points)
With the iPhone SDK Security APIs, there seems to be no way to programmatically allow the user to indicate that they trust a self-signed certificate (i.e. the equivalent of SFCertificateTrustPanel). True/False?

I've tried:
1) installing the cert (via email) - this changes the error returned from 1203 (bad server cert) to 1202 (untrusted certificate). Under Settings->General->Profiles, the cert shows "Unsigned".

2) visiting the https URL from within Safari and letting it continue to the website. Now Safari will encrypt sessions with this URL, but my application still cannot.

Why does Apple seem to think there is no utility to self-signed certificates - I just want to use SSL for encryption, not authentication...

I hope there is something I can do short of giving up on NSURLConnection and trying to port OpenSSL to use with NSInputStream???

Mac OS X (10.5.4)