Re: How to handle bad certificate error in NSURLDownload?
Re: How to handle bad certificate error in NSURLDownload?
- Subject: Re: How to handle bad certificate error in NSURLDownload?
- From: ainxow <email@hidden>
- Date: Wed, 21 May 2008 13:44:27 -0500
On May 19, 2008, at 1:51 PM, Jens Alfke wrote:
I would guess that the Security framework is requiring user
confirmation to allow the app to bypass certificate checking.
Well, no. NSURLRequest's setAllowsAnyHTTPSCertificate:forHost: does
exactly that, immediately and without user confirmation.
One may (should) choose to use get user permission first. Could be a
homegrown dialog, asking "Do you want to use a brute-force,
unsupported private API to ignore this certificate and make this
download work?" Or it could be via Security framework and
SFCertificateTrustPanel, showing the certificate and what's wrong
with it to the user before they make their choice. But
setAllowsAnyHTTPSCertificate:forHost doesn't care whether you ask or
not.
On 19 May '08, at 8:19 AM, parag vibhute wrote:
I implemented same but whenever I launched my application it asks
to change
trust settings. Why is it like that?
It's unclear what you mean here. If you used the Security Framework
and it asks if you want to change trust settings for the rejected
certificate, well, yes, that's what it's supposed to do. If you truly
don't care about the certificate, and don't mind using the private
API, just check that exists, use it, reissue the download request,
and the download will silently proceed. I don't do that in my
shipping code, but can confirm it works.
(A broader question is why you want to do this. If it's due to
certificate problems on machines with Safari 3.1.1 installed, a
better approach than private API may be to wait for the problem to be
fixed. Something is clearly amiss - example; I've been logging into
my iPhone dev account since day one, but just yesterday Safari made
me accept a developer.apple.com certificate "issued by an untrusted
authority" to get in. Today, I deleted the certificate from Keychain,
and still logged in without a hitch. Whatever causes this will surely
be fixed soon.)
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden