views:

1279

answers:

4

My iPhone application was rejected solely for using the (very safe, it seems) private method +setAllowsAnyHTTPSCertificate:forHost: for NSURLRequest. Is there a non-private API to emulate this functionality?

A: 

One really stupid workaround is to make your own category method:

@implementation NSURLRequest (IgnoreSSL)

+ (BOOL)allowsAnyHTTPSCertificateForHost:(NSString *)host
{
    return YES;
}

@end

This should get by Apple's private API checks, but it's still the same thing (using a private, undocumented API[1] that is liable to break at any time). Actually, it's worse since it allows everything, not just that host.

[1]: An private API that should be made public, but a private API nevertheless.

meeselet
From what I know of it, this will still not pass Apple's checks, as they appear to use a rather simple analysis based purely on selectors, not their usage.
Mike Abdullah
@Mike: Are you sure? I am not "using" the selector at all, only redefining it. It is Apple's internals that call it. Granted, this is not at all safe, but I don't see how it wouldn't pass Apple's checks.
meeselet
+1  A: 

Take a look at this link: http://www.abstractec.co.uk/blog/iPhone.php?itemid=70

Might be a better solution for you than just tricking the private API check.

ruffiano
Is it possible to use an NSURLConnection instead of a CFHTTPMessageRef? I would prefer the download be asynchronous.
meeselet
A: 

I am not saying about solution but suggestion. Have you thought to use ASIHttpRequest Framework for this? This framework is complete in all aspects. Do check the documentation, may be it can help you too.

Thanks, Madhup

Madhup
+1  A: 

There seems to be a public API for that ;) http://stackoverflow.com/questions/933331/how-to-use-nsurlconnection-to-connect-with-ssl-for-an-untrusted-cert/2033823#2033823

yonel
Thank you! Strange that Google didn't turn up this.
meeselet