NSURLConnection with SSL

Discussion in 'Mac Programming' started by siakus, Oct 5, 2006.

  1. siakus macrumors newbie

    Joined:
    May 2, 2006
    #1
    Hi guys, i am using objective C class NSURLConnection to download files from an https website. And i receive an exception: Bad certificate.
    Is there any way to tell the WebKit to accept this certificate or to accept all certificates?

    Thanks.
     
  2. siakus thread starter macrumors newbie

    Joined:
    May 2, 2006
    #2
    By the way, I am using cocoa xcode framework for Mac OS 10.4
     
  3. ghenriksen macrumors newbie

    Joined:
    Jan 9, 2010
    #3
    How to accept bad HTTPS certificates

    There is a supported API for ignoring bad certificates during NSURLConnection loads. To do so, simply add something like this to your NSURLConnection delegate:

    Code:
    - (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace {
      return [protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust];
    }
    
    - (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
      if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust])
        if ([trustedHosts containsObject:challenge.protectionSpace.host])
          [challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge];
      
      [challenge.sender continueWithoutCredentialForAuthenticationChallenge:challenge];
    }
    Note that connection:didReceiveAuthenticationChallenge: can send its message to challenge.sender (much) later, say from a delegate method for an SFCertificateTrustPanel.

    --
    Gordon Henriksen
    Server Software Engineer
    Carbonite Inc.
     
  4. skunkworker macrumors regular

    Joined:
    Sep 9, 2007
    #4
    NSURLConnection does not like self-signed certificates, try getting one from a SSL certifier. Thats how you officially get around it without telling it to ignore the issues.
     

Share This Page