• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: How to handle bad certificate error in NSURLDownload?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: How to handle bad certificate error in NSURLDownload?

  • Subject: Re: How to handle bad certificate error in NSURLDownload?
  • From: ainxow <email@hidden>
  • Date: Wed, 21 May 2008 13:44:27 -0500
On May 19, 2008, at 1:51 PM, Jens Alfke wrote:

I would guess that the Security framework is requiring user confirmation to allow the app to bypass certificate checking.


Well, no. NSURLRequest's setAllowsAnyHTTPSCertificate:forHost: does exactly that, immediately and without user confirmation.

One may (should) choose to use get user permission first. Could be a homegrown dialog, asking "Do you want to use a brute-force, unsupported private API to ignore this certificate and make this download work?" Or it could be via Security framework and SFCertificateTrustPanel, showing the certificate and what's wrong with it to the user before they make their choice. But setAllowsAnyHTTPSCertificate:forHost doesn't care whether you ask or not.

On 19 May '08, at 8:19 AM, parag vibhute wrote:


I implemented same but whenever I launched my application it asks to change
trust settings. Why is it like that?


It's unclear what you mean here. If you used the Security Framework and it asks if you want to change trust settings for the rejected certificate, well, yes, that's what it's supposed to do. If you truly don't care about the certificate, and don't mind using the private API, just check that exists, use it, reissue the download request, and the download will silently proceed. I don't do that in my shipping code, but can confirm it works.

(A broader question is why you want to do this. If it's due to certificate problems on machines with Safari 3.1.1 installed, a better approach than private API may be to wait for the problem to be fixed. Something is clearly amiss - example; I've been logging into my iPhone dev account since day one, but just yesterday Safari made me accept a developer.apple.com certificate "issued by an untrusted authority" to get in. Today, I deleted the certificate from Keychain, and still logged in without a hitch. Whatever causes this will surely be fixed soon.)
_______________________________________________

Cocoa-dev mailing list (email@hidden)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden




  • Follow-Ups:

      

    • Re: How to handle bad certificate error in NSURLDownload?

      • From: "parag vibhute" <email@hidden>
      • 





References: 


 >Re: How to handle bad certificate error in NSURLDownload? (From: ainxow <email@hidden>)


 >Re: How to handle bad certificate error in NSURLDownload? (From: "parag vibhute" <email@hidden>)


 >Re: How to handle bad certificate error in NSURLDownload? (From: Jens Alfke <email@hidden>)






    

  • Prev by Date:
Re: Cocoa Training....

    • 

  • Next by Date:
Re: Trying to understand -- please help...

    • 

  • Previous by thread:
Re: How to handle bad certificate error in NSURLDownload?

    • 

  • Next by thread:
Re: How to handle bad certificate error in NSURLDownload?

    • 

  • Index(es):

      

    • Date
      • 

    • Thread
      • 

    

    •