
iPhone SDK: letting user trust SSL certificates for NSURLConnection

With the iPhone SDK Security APIs, there seems to be no way to programmatically allow the user to indicate that they trust a self-signed certificate (i.e. the equivalent of SFCertificateTrustPanel). True/False?

I've tried:
1) installing the cert (via email) - this changes the error returned from 1203 (bad server cert) to 1202 (untrusted certificate). Under Settings->General->Profiles, the cert shows "Unsigned".

2) visiting the https URL from within Safari and letting it continue to the website. Now Safari will encrypt sessions with this URL, but my application still cannot.

Why does Apple seem to think there is no utility to self-signed certificates - I just want to use SSL for encryption, not authentication...

I hope there is something I can do short of giving up on NSURLConnection and trying to port OpenSSL to use with NSInputStream???

Mac OS X (10.5.4)

Posted on Aug 7, 2008 12:30 AM

5 replies
Question marked as Best reply

Aug 7, 2008 12:49 AM in response to digitalbeing

I had the same problem. After some research I came across a solution that works but it's not officially supported. In your implementation class using NSURLRequest add the following lines:


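#import <Foundation/Foundation.h>

// Category that overrides a private NSURLRequest class method (not a supported API).
@implementation NSURLRequest (DataController)
+ (BOOL)allowsAnyHTTPSCertificateForHost:(NSString *)host
{
    // Returning YES makes the loader accept any certificate presented for this host.
    return YES; // Or whatever logic
}
@end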


This overrides this method. Simply returning YES here is potentially dangerous of course so you may need to return YES in a more controlled fashion. But it should get you further.
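
One way to accept a self-signed certificate "in a more controlled fashion", as an added example that is not part of the original thread: instead of overriding the private method, it uses the public NSURLConnection delegate challenge callback and trusts only one bundled certificate for one host. The class name `PinnedCertDelegate`, the host `server.example.com` and the bundled file `server.der` are hypothetical, and ARC is assumed.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Assumptions for this example: PinnedCertDelegate, kPinnedHost and the bundled
// file server.der (the server's self-signed certificate, DER-encoded) are hypothetical.
static NSString * const kPinnedHost = @"server.example.com";

@interface PinnedCertDelegate : NSObject <NSURLConnectionDelegate>
@end

@implementation PinnedCertDelegate
- (void)connection:(NSURLConnection *)connection
    willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
{
    NSURLProtectionSpace *space = challenge.protectionSpace;
    // Anything other than server-trust evaluation for the pinned host keeps default handling.
    if (![space.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust] ||
        ![space.host isEqualToString:kPinnedHost]) {
        [challenge.sender performDefaultHandlingForAuthenticationChallenge:challenge];
        return;
    }

    // Load the one certificate this app is willing to trust for kPinnedHost.
    NSString *path = [[NSBundle mainBundle] pathForResource:@"server" ofType:@"der"];
    NSData *der = path ? [NSData dataWithContentsOfFile:path] : nil;
    SecCertificateRef pinned = der ? SecCertificateCreateWithData(NULL, (__bridge CFDataRef)der) : NULL;
    if (pinned == NULL) {
        [challenge.sender cancelAuthenticationChallenge:challenge];
        return;
    }

    // Evaluate the server's chain against the pinned certificate only, not the system roots.
    SecTrustRef trust = space.serverTrust;
    SecTrustSetAnchorCertificates(trust, (__bridge CFArrayRef)@[(__bridge id)pinned]);
    SecTrustSetAnchorCertificatesOnly(trust, true);
    SecTrustResultType result = kSecTrustResultInvalid;
    OSStatus status = SecTrustEvaluate(trust, &result);
    CFRelease(pinned);

    if (status == errSecSuccess &&
        (result == kSecTrustResultUnspecified || result == kSecTrustResultProceed)) {
        [challenge.sender useCredential:[NSURLCredential credentialForTrust:trust]
             forAuthenticationChallenge:challenge];
    } else {
        // Different certificate, expired certificate, or hostname mismatch: fail closed.
        [challenge.sender cancelAuthenticationChallenge:challenge];
    }
}
@end
```

On current SDKs `SecTrustEvaluate` is deprecated in favour of `SecTrustEvaluateWithError`; the pinning logic is otherwise the same.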

Oct 22, 2008 3:43 AM in response to DFuller

Hello everybody,

I've tried this solution and it works fine.
Now, the problem is that sometimes I'm using NSData to request data from a server and this solution is not available for that class.
It would be great to have an API to change the security policies for the entire application. I mean creating a policy object and setting it for the application.

Does anybody know how to do it?

Thanks in advance
