5 Replies Latest reply: Oct 22, 2008 4:18 AM by ajsg@iberiainformatica.es
digitalbeing Level 1 (0 points)
With the iPhone SDK Security APIs, there seems to be no way to programmatically allow the user to indicate that they trust a self-signed certificate (i.e. the equivalent of SFCertificateTrustPanel). True/False?

I've tried:
1) installing the cert (via email) - this changes the error returned from 1203 (bad server cert) to 1202 (untrusted certificate). Under Settings->General->Profiles, the cert shows "Unsigned".

2) visiting the https URL from within Safari and letting it continue to the website. Now Safari will encrypt sessions with this URL, but my application still cannot.

Why does Apple seem to think there is no utility to self-signed certificates - I just want to use SSL for encryption, not authentication...

I hope there is something I can do short of giving up on NSURLConnection and trying to port OpenSSL to use with NSInputStream???

Mac OS X (10.5.4)
  • RickMaddy Level 4 (1,320 points)
    I had the same problem. After some research I came across a solution that works but it's not officially supported. In your implementation class using NSURLRequest at the following lines:


    @implementation NSURLRequest(DataController)
    + (BOOL)allowsAnyHTTPSCertificateForHost:(NSString *)host
    {
    return YES; // Or whatever logic
    }
    @end


    This overrides this method. Simply returning YES here is potentially dangerous of course so you may need to return YES in a more controlled fashion. But it should get you further.
  • mazzilli Level 1 (0 points)
    Hi all,

    I haven't tried this solutionyet, I wonder however if there is a solution for this problem. Right now I am getting a 'Error - bad server certificate'.
    Isn't possible to install our own CA certificate?

    Rod
  • DFuller Level 1 (5 points)
    I'm new to this and haven't yet tried HTTPS URL's, but, how would one get the details of the Certificate to present for acceptance by the user in your example?
  • ajsg@iberiainformatica.es Level 1 (0 points)
    Hello everybody,

    i've tried this solution and it work's fine.
    Now, the problem is that sometimes I'm using NSData to request data from a server and this solution is not available for that class.
    It would be great having an api to change the security policies for the entire application. I mean creating a policy object and setting it for the application.

    Does anybody know how to do it?

    Thanks in advance
  • ajsg@iberiainformatica.es Level 1 (0 points)
    Hi there,

    sorry but I was wrong. It seems that placing the categorized NSURLRequest implementation in any place in your code, all request bypass the certificate trust issue.

    Now my problem is solved, but still is a non official solution...

    Thanks million