Custom SSL trust settings
Custom SSL trust settings
- Subject: Custom SSL trust settings
- From: Ryan Govostes <email@hidden>
- Date: Wed, 28 Jan 2009 02:44:03 -0500
I have set up a certificate authority and would like my program, using
NSURLConnection, to trust any certificate signed by the authority.
Furthermore, I would like it to *not* trust any certificate which was
not signed by my authority.
The easiest way to do this is to add the root certificate to the
Keychain. This has some drawbacks:
- It requires unwelcome user interaction.
- It trusts all certificates in the Keychain.
So, I would like to be able to explicitly control trust in my code. I
cannot see any documentation on NSURLConnection related to this; is
there a way to control its trust verification?
I did find through some poking around that, beyond the scope of any
documentation, NSURLRequest wraps CFURLRequest (e.g., -[NSURLRequest
_initWithCFURLRequest:] and -[[NSURLRequest _internal]
_CFURLRequest]). From that CFURLRequest, it would appear that the
function CFURLRequestSetSSLProperties from CFNetwork would give me
what I want. (WebCore, for instance, uses this.)
However, we are trying to avoid private interfaces, especially in
critical code like this. Also, we can drop down into the public
CFNetwork functions as needed, but I don't see anything there either.
Thanks for your help,
Ryan Govostes
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden