I need to work with private HTTPS API and client has incorrect certificate on the host. Certificate is for www.clienthost.com and I'm working with api.clienthost.com. So I need to connect via HTTPS to api.clienthost.com ignoring incorrect certificate but still make sure it is the one for www.clienthost.com and not something else. I found this answer: http://stackoverflow.com/questions/933331/how-to-use-nsurlconnection-to-connect-with-ssl-for-an-untrusted-cert and it seems to solve half of my problem but I'm trying to figure out how to still check certificate for host is one I expect to see and not different.
views:
204answers:
1
+1
A:
Try implementing the delegate method for NSURLConnection
- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
Then the following will contain the host
[[challenge protectionSpace] host]
You can then proceed by calling one of the following
continueWithoutCredentialForAuthenticationChallenge:
cancelAuthenticationChallenge:
useCredential:forAuthenticationChallenge:
adam
2010-04-20 14:23:00
I guess it will not save me from accepting some self-made certificate with right host inside?
Igor Romanov
2010-04-20 14:54:12
It should be the host where the certificate originates from. If you are worried about the possibility of this being faked, you should do some tests to determine that.Additionally, the NSURLCredential and NSURLProtectionSpace objects inside the NSURLAuthenticationChallenge provide access to other fields you can make security checks on.
adam
2010-04-20 15:38:54