• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Authentication and NSURLConnection sendSynchronousRequest
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Authentication and NSURLConnection sendSynchronousRequest

  • Subject: Re: Authentication and NSURLConnection sendSynchronousRequest
  • From: Jens Alfke <email@hidden>
  • Date: Thu, 12 Jun 2008 09:44:28 -0700

On 12 Jun '08, at 8:35 AM, Paul E. Robichaux wrote:

@implementation NSURLRequest(NSHTTPURLRequest)
+ (BOOL)allowsAnyHTTPSCertificateForHost:(NSString *)host
{
   return YES;
}
@end

At the end of one of my .m files, the code builds, though I get warnings
that some other methods aren't implemented. The program then gives me an
NSURLDomainError -1203

I'm suspicious of that technique, since category methods really aren't allowed to override existing methods; I think the effects are "undefined". It's the kind of thing that I could imagine breaking under the rewritten Obj-C runtime in 10.5.

1. Is there a safer or better-supported way for me to get a look at the
returned certificate besides overriding allowsAnyHTTPSCertificateForHost? 

Well, this message from Marcel Borsten
	http://www.cocoabuilder.com/archive/message/cocoa/2008/3/4/200382
mentions another method:
	+ (void)setAllowsAnyHTTPSCertificate:(BOOL)fp8 forHost:(id)fp12;

So it looks as though you could just call
[NSURLConnection setAllowsAnyHTTPSCertificate: YES forHost: myHost];
You would just have to paste the @interface block (but NOT the @implementation) from that email into your code, so the compiler recognizes the existence of that method.

A better solution is to insert the cert into the keychain and mark it as trusted; but that isn't easy. If the user can get a ".cer" file of the server's cert, s/he can double-click it to add it to the keychain, then locate it in Keychain Access and mark it as trusted. Programmatically, it involves some twisty little APIs; I'd recommend using the higher-level wrappers in the open-source Keychain.framework (it's on sourceforge.)

3. What does -1203 really *mean*? 

From NSURLError.h:
    NSURLErrorServerCertificateHasUnknownRoot = -1203,

—Jens

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________

Cocoa-dev mailing list (email@hidden)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
  • Follow-Ups:
    • Re: Authentication and NSURLConnection sendSynchronousRequest
      • From: "Paul E. Robichaux" <email@hidden>
References: 
 >Authentication and NSURLConnection sendSynchronousRequest (From: "Paul E. Robichaux" <email@hidden>)

  • Prev by Date: Re: how to prevent sleep mode when app is running
  • Next by Date: Re: Cocoa-dev Digest, Vol 5, Issue 1040
  • Previous by thread: Authentication and NSURLConnection sendSynchronousRequest
  • Next by thread: Re: Authentication and NSURLConnection sendSynchronousRequest
  • Index(es):
    • Date
    • Thread