Re: How to handle bad certificate error in NSURLDownload?
Re: How to handle bad certificate error in NSURLDownload?
- Subject: Re: How to handle bad certificate error in NSURLDownload?
- From: Jens Alfke <email@hidden>
- Date: Mon, 19 May 2008 07:40:03 -0700
On 19 May '08, at 5:07 AM, parag vibhute wrote:
I am using NSURLDownload class to download a file through https. But
I get
error "bad server certificate". I know this error occurs when HTTPS
server
has bad certificate. I want to allow this download even though
certificate
is bad.
Why? Think hard about this. If you allow all bad certificates, you
should just turn off SSL completely, since it'll only be providing an
illusion of security. (Well, it'll hide the traffic from 3rd parties
eavesdropping, but it won't tell you anything about whether you're
connected to the right host.)
If you only want to allow certain bad certificates, then you'll need
to examine the SSL cert from the server before downloading, using the
Keychain APIs.
If the issue is that the cert is self-signed, or uses a root authority
that isn't trusted by the system, you can use Keychain APIs to add
that cert and mark it as trusted. If you do that, NSURLDownload won't
complain anymore.
—Jens
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden