Hi, How can I detect a self signed certificate from a revoked or expired ones?
I'm using NSURLConnection and implementing connection:didReceiveAuthenticationChallenge: on delegate:
- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge{
if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]){
NSURLProtectionSpace *tmpSpace=[challenge protectionSpace];
SecTrustRef currentServerTrust=[tmpSpace serverTrust];
SecTrustResultType trustResult;
OSStatus err = SecTrustEvaluate(currentServerTrust, &trustResult);
BOOL trusted = (err == noErr) && ((trustResult == kSecTrustResultProceed) || (trustResult == kSecTrustResultUnspecified));
if (trusted){
// Do something
}
}
}
Currently the "if (trusted){}" block only work for certificates trusted by iOS, I want it to work for others as well, but only if the certificate isn't revoked or expired.
The documentation is using SecTrustSettingsSetTrustSettings for changing the settings and reevaluate the trust. but I couldn't find this method (or the SecTrustSetting) for iOS, only for Mac.
Thanks