Supported API for handling bad server certificates in NSURLConnection
Supported API for handling bad server certificates in NSURLConnection
- Subject: Supported API for handling bad server certificates in NSURLConnection
- From: Gordon Henriksen <email@hidden>
- Date: Sat, 09 Jan 2010 10:42:56 -0500
[This is a faux follow-up to several year-old post in hopes of supplanting in Google the widespread information about using the private methods allowsAnyHTTPSCertificateForHost: and setAllowsAnyCertificate:forHost: and complete lack of information on the supported mechanism for accomplishing the same end.]
There is a supported API for ignoring bad certificates! Add something like this to your NSURLConnection delegate:
- (BOOL)connection:(NSURLConnection *)connection
canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace
{
return [protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust];
}
- (void)connection:(NSURLConnection *)connection
didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
{
if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust])
if ([trustedHosts containsObject:challenge.protectionSpace.host])
[challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust]
forAuthenticationChallenge:challenge];
[challenge.sender continueWithoutCredentialForAuthenticationChallenge:challenge];
}
Note that connection:didReceiveAuthenticationChallenge: can send its message to challenge.sender (much) later, after presenting a dialog box to the user if necessary, etc.
--
Gordon Henriksen
Server Software Engineer
Carbonite Inc.
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden