Re: NSURLConnection and self-signed certs?
- Subject: Re: NSURLConnection and self-signed certs?
- From: joe pezzillo <email@hidden>
- Date: Sun, 13 Jun 2004 12:12:09 -0600
Thanks for the pointers. I looked at SecureTransport and tried to
compile the "SSLSample" from the Apple developer site (it fails saying
there's one error, but there are no errors shown in Xcode's Errors &
Warnings list, only a single warning about an OSStatus type variable
possibly being used uninitialized in setCipherRestrictions).

Looking at the code, it also seems to be at a lower level than I was
hoping for. Presuming that this is also somewhere underneath
NSURLConnection, then I'd like to be able to just call or access the
"SSLSetAllowsAnyRoot" function or the setting it flips, as you suggest.

I also realize that it is of course preferred to only access sites with
validly signed/trusted certificates, but a) in practice, we don't
always have that option with sites that are out there and b) even
without the valid cert, those sites still provide encryption of the
data in transit (yes?).

Thanks for your help! Any other ideas or sample code are always welcome.

Joe
email@hidden

On Jun 12, 2004, at 8:14 PM, Wade Tregaskis wrote:

>> Can I use NSURLConnection to get data from an HTTPS server with a
>> self-signed/unknown certificate?
>
> If NSURLConnection uses SecureTransport, which from memory it does,
> then it's simply a matter of whether NSURLConnection gives you an
> appropriate interface to SecureTransport's manual authentication
> methods. If not, you'll have to drop down to the SecureTransport
> level.
>
> Technically speaking it largely defeats the purpose of web-based
> SSL/TLS to accept self-signed certificates, in most scenarios at
> least. So the default behaviour is to never accept them (unless
> they're in the list of trusted roots, of course). As I alluded,
> SecureTransport does allow you to turn off the automatic
> authentication and use your own code to authenticate.
>
> Wade Tregaskis (aim: wadetregaskis)
> -- Sed quis custodiet ipsos custodes?
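
Added example, not part of the original thread or of Apple's sample code: one way to "use your own code to authenticate" without accepting any root is to anchor trust to the single self-signed certificate you expect, so the session stays authenticated as well as encrypted. It uses NSURLConnection delegate and Security framework calls from OS releases later than this thread; the class name `PinnedConnectionDelegate` and the bundled file `server.der` are assumptions.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical delegate: trusts only the one certificate shipped as server.der.
@interface PinnedConnectionDelegate : NSObject <NSURLConnectionDelegate>
@end

@implementation PinnedConnectionDelegate

- (void)connection:(NSURLConnection *)connection
willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
{
    NSURLProtectionSpace *space = challenge.protectionSpace;
    if (![space.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
        // Not a TLS server-trust challenge: leave it to the system.
        [challenge.sender performDefaultHandlingForAuthenticationChallenge:challenge];
        return;
    }

    // Load the expected self-signed certificate (DER). Fail closed if it is missing.
    NSString *path = [[NSBundle mainBundle] pathForResource:@"server" ofType:@"der"];
    NSData *der = path ? [NSData dataWithContentsOfFile:path] : nil;
    SecCertificateRef pinned =
        der ? SecCertificateCreateWithData(NULL, (__bridge CFDataRef)der) : NULL;
    if (pinned == NULL) {
        [challenge.sender cancelAuthenticationChallenge:challenge];
        return;
    }

    // Replace the system anchors with the pinned certificate only. The SSL policy
    // already attached to the trust object still checks the host name and dates.
    SecTrustRef trust = space.serverTrust;
    NSArray *anchors = @[(__bridge id)pinned];
    OSStatus status = SecTrustSetAnchorCertificates(trust, (__bridge CFArrayRef)anchors);
    if (status == errSecSuccess) status = SecTrustSetAnchorCertificatesOnly(trust, true);

    CFErrorRef error = NULL;  // SecTrustEvaluateWithError needs macOS 10.14 / iOS 12
    BOOL trusted = (status == errSecSuccess) && SecTrustEvaluateWithError(trust, &error);
    if (error) CFRelease(error);
    CFRelease(pinned);

    if (trusted) {
        [challenge.sender useCredential:[NSURLCredential credentialForTrust:trust]
             forAuthenticationChallenge:challenge];
    } else {
        [challenge.sender cancelAuthenticationChallenge:challenge];  // fail closed
    }
}
@end
```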