views:

204

answers:

1

I need to work with private HTTPS API and client has incorrect certificate on the host. Certificate is for www.clienthost.com and I'm working with api.clienthost.com. So I need to connect via HTTPS to api.clienthost.com ignoring incorrect certificate but still make sure it is the one for www.clienthost.com and not something else. I found this answer: http://stackoverflow.com/questions/933331/how-to-use-nsurlconnection-to-connect-with-ssl-for-an-untrusted-cert and it seems to solve half of my problem but I'm trying to figure out how to still check certificate for host is one I expect to see and not different.

+1  A: 

Try implementing the delegate method for NSURLConnection

- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge

Then the following will contain the host

[[challenge protectionSpace] host]

You can then proceed by calling one of the following

continueWithoutCredentialForAuthenticationChallenge:

cancelAuthenticationChallenge:

useCredential:forAuthenticationChallenge:
adam
I guess it will not save me from accepting some self-made certificate with right host inside?
Igor Romanov
It should be the host where the certificate originates from. If you are worried about the possibility of this being faked, you should do some tests to determine that.Additionally, the NSURLCredential and NSURLProtectionSpace objects inside the NSURLAuthenticationChallenge provide access to other fields you can make security checks on.
adam