I currently open an https connection to a web server using NSURLConnection. Everything works as it should and I am able to retrieve the page content I am after. The certificate is issued by VeriSign and I assume NSURLConnection does some work to verify the authenticity of the certificate to some extent? If I connected to the same website through Mobile Safari, it would extract the Organization (of the website) from the certificate and display it in the navigation bar. Is it possible to extract these same details in Cocoa Touch, as I too would like to present them to the user? Also, would verifying the server's host name against that certificate be reasonable enough to assume the website is legitimate?

+1  A: 

NSURLConnection will give you an error (NSURLErrorDomain) if you attempt to connect to a server with an invalid certificate (e.g. it's self-signed, out of date, has the wrong host, etc.). So you don't actually need to do any verification yourself, because it's all handled for you.

If you really want/need to display an SSL certificate summary in your UI, you'll need to drop down a layer from NSURLConnection and use the low-level CFNetwork API instead. Once you have a CFReadStreamRef that's in the kCFStreamEventEndEncountered state, you should be able to do the following (assuming your stream handle is called readStream):

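// Copy the certificate chain the server presented during the SSL handshake.
NSArray *certificates = [(NSDictionary*)CFReadStreamCopyProperty(readStream, kCFStreamPropertySSLPeerCertificates) autorelease];
if ([certificates count] > 0) {
  // The first entry is the server's own certificate.
  SecCertificateRef certificate = (SecCertificateRef)[certificates objectAtIndex:0];
  // Human-readable summary of the certificate's subject.
  NSString *description = [(NSString*)SecCertificateCopySubjectSummary(certificate) autorelease];
  // Raw DER-encoded certificate, for decoding individual fields.
  NSData *data = [(NSData *)SecCertificateCopyData(certificate) autorelease];
}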

You'll need to decode the information held in data if you want to access the various properties of the certificate, but the summary held in description might be enough for your purposes.

Nathan de Vries
Thanks for the help Nathan, dropping a layer like you suggested did the trick! Although not really a problem, shouldn't your NSDictionary* cast be an NSArray* instead?
Deon Botha
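
To illustrate the "decode the information held in data" step from the answer above, here is an added example (not code from the original answer) in plain C, which can be compiled into an Objective-C project: a bounds-checked DER walk that pulls the subject Organization (OID 2.5.4.10) out of the certificate bytes. The names tlv, subject_org and SAMPLE are hypothetical and the sample bytes are constructed; it assumes a PrintableString or UTF8String value and inspects only the first attribute of each RDN.

```c
#include <string.h>
typedef const unsigned char *ptr;

/* Read one DER element at p, bounded by end. Returns a pointer to its value and sets
   *len; NULL if truncated or if the tag differs from want (want == 0: any tag). */
static ptr tlv(ptr p, ptr end, int want, size_t *len) {
    if (end - p < 2 || (want && p[0] != want)) return NULL;
    size_t n = p[1], k = n & 0x7f;
    p += 2;
    if (n & 0x80) {                          /* long form: k length bytes follow */
        if (k == 0 || k > 4 || (size_t)(end - p) < k) return NULL;
        for (n = 0; k--; ) n = (n << 8) | *p++;
    }
    *len = n;
    return (size_t)(end - p) < n ? NULL : p;
}

/* Copy the subject organizationName (OID 2.5.4.10) into out; returns length or -1. */
int subject_org(ptr der, size_t n, char *out, size_t cap) {
    size_t len;
    ptr v, a, a_end, oid, end = der + n, p = tlv(der, end, 0x30, &len); /* Certificate */
    if (!p || !(p = tlv(p, p + len, 0x30, &len))) return -1;           /* tbsCertificate */
    end = p + len;
    for (int skip = (p < end && *p == 0xa0) ? 5 : 4; skip--; p = v + len)
        if (!(v = tlv(p, end, 0, &len))) return -1; /* version?, serial, sig, issuer, validity */
    if (!(p = tlv(p, end, 0x30, &len))) return -1;                     /* subject Name */
    for (end = p + len; p < end; ) {                                   /* one RDN per pass */
        if (!(a = tlv(p, end, 0x31, &len))) return -1;                 /* SET */
        p = a + len;
        if (!(a = tlv(a, p, 0x30, &len))) return -1;  /* first attribute of the RDN only */
        a_end = a + len;
        if (!(oid = tlv(a, a_end, 0x06, &len))) return -1;
        if (len != 3 || memcmp(oid, "\x55\x04\x0a", 3) != 0) continue;
        v = tlv(oid + 3, a_end, 0x13, &len);                           /* PrintableString */
        if (!v) v = tlv(oid + 3, a_end, 0x0c, &len);                   /* or UTF8String */
        if (!v || len >= cap || memchr(v, 0, len)) return -1;          /* reject embedded NUL */
        memcpy(out, v, len); out[len] = '\0';
        return (int)len;
    }
    return -1;
}

/* Constructed sample: a certificate skeleton with subject C=US, O=ACME (not a real cert). */
const unsigned char SAMPLE[] = {
    0x30,0x2e,0x30,0x2c,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x01,0x30,0x00,0x30,0x00,
    0x30,0x00,0x30,0x1c,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,
    0x53,0x31,0x0d,0x30,0x0b,0x06,0x03,0x55,0x04,0x0a,0x13,0x04,0x41,0x43,0x4d,0x45,
};
```

With the snippet from the answer, the inputs would be [data bytes] and [data length]. Show the result to the user only for a connection whose certificate has already passed validation, since the subject fields of an unvalidated certificate are whatever its sender chose.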
A: 

You want to import the certificate from the server? Am I right?

sandy