Mailing Lists: Apple Mailing Lists
Image of Mac OS face in stamp
 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Overriding "Bad Server Certificate" error

There's still no public API for this (that I know of), though in 10.4 you can offer your customers slightly better solution than on older OS releases.

On 10.4 (or maybe 10.3.9, forget which) and above, in the userInfo of the NSError which is passed to your delegate method webView:didFailLoadWithError:, there is an object accessible by the key "NSCertificateChainKey" or something like that (forget offhand). You can pass that object on to the SecTrust* APIs in Security.framework and present the certificate trust sheet (in SecurityInterface.framework) which will allow the user to add the certificate to his or her keychain. This is the closest thing to a supported method for dealing with self-signed certificates that I know of.

On older OS releases, you can still subclass NSURLRequest, override the method + (BOOL)allowsAnyHTTPSCertificateForHost:, and pose your subclass as NSURLRequest. You can use whatever logic you like to determine whether or not the certificate should be trusted, I typically will run a sheet warning the user, then track the "user approved" trusted hosts in an array.

With a combination of the above methods you can offer pretty decent handling of self-signed (and other otherwise invalid) certificates.

If someone @apple.com is reading and has a better solution than the above, I am all ears :)

Hope this helps,

--dave


On Oct 19, 2005, at 6:22 AM, Michael Rybicki wrote:

I am using the webkit to create a browser application. Some sites that the browser can connect to have a certificate, but the certificate is invalid for one reason or another. Because of this, an NSURLErrorServerCertificatexxxxx error is thrown and access is blocked.

 

I am looking for a method by which one can override the error and allow access to the site. The last post I found on this was dated back in 2003 and the response was “Unfortunately there's no public API for that at this time.” Has this changed in cocoa? Is there a workaround?

 

Any tips/suggestions would be greatly appreciated. Thank you.

 

Michael Rybicki

Software Secure, Inc.

99 First Street

Cambridge MA 02141

617.354.7464

 

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Webkitsdk-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Webkitsdk-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/webkitsdk-dev/email@hidden

This email sent to email@hidden
References: 
 >Overriding "Bad Server Certificate" error (From: "Michael Rybicki" <email@hidden>)



Visit the Apple Store online or at retail locations.
1-800-MY-APPLE

Contact Apple | Terms of Use | Privacy Policy

Copyright © 2007 Apple Inc. All rights reserved.