Re: How to handle bad certificate error in NSURLDownload?
Re: How to handle bad certificate error in NSURLDownload?
- Subject: Re: How to handle bad certificate error in NSURLDownload?
- From: ainxow <email@hidden>
- Date: Mon, 19 May 2008 09:52:07 -0500
On May 19, 2008, at 8:35 AM, "parag vibhute"
<email@hidden> wrote:
I am using NSURLDownload class to download a file through https.
But I get
error "bad server certificate". I know this error occurs when HTTPS
server
has bad certificate. I want to allow this download even though
certificate
is bad. So can anybody tell how can I handle this?
I searched google but found that there is following private API exists
[NSURLRequest setAllowsAnyHTTPSCertificate:YES forHost:
[[[error
userInfo] objectForKey:@"NSErrorFailingURLKey"] host]];
But since this is private API, I think I can't use it in commercial
application. Can I?
Someone else will have to address how advisable it is for a large
commercial app. But I can attest that the private API works fine in
a shipping app I wrote for a client.
Indeed, it seems unavoidable when Safari 3.1.1 is installed: it
changed something which results in many more invalid certificates,
even from developer.apple.com. Whether it is now correctly catching
invalid certificates that were previously being missed, or if it's a
new bug that is incorrectly flagging perfectly valid certificates, I
don't know. But if you must get around these somehow, the private API
is currently the only option AFAIK.
Using the Security Framework, you can let the user to see and accept
bad certificates, is better than silently allowing them
programmatically with no warning. I posted code for this about a
month ago which might be useful:
http://lists.apple.com/archives/cocoa-dev/2008/Apr/msg01413.html
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden