tags:

views:

52

answers:

2
Q: 

I want to ignore certificate verification, where and how to do it with XMLRPC web service??

I am accessing a web service and getting this error when trying to connect( web service is XMLRPC and I am using wordpress xmlrpc source code for request and handling repsonse):

Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “**.org” which could put your confidential information at risk."

WebService people are saying to ignore certificate verification part, so if someone has idea of how to do that will be of great help for me.

after some suggestion I used the below NSURLConnection delegate, stil same error

 -(BOOL)connection:(NSURLConnection *)connection  canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace {  
 return [protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust];
 }   

 -(void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {  
 if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust])  
if ([trustedHosts containsObject:challenge.protectionSpace.host])  
  [challenge.sender useCredential:[NSURLCredential  credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge];  
  [challenge.sender continueWithoutCredentialForAuthenticationChallenge:challenge];
}
A: 

I'm using the following for testing in an app under development:

NSURL* url = // url to webservice
[NSURLRequest setAllowsAnyHTTPSCertificate:YES forHost:[url host]];

Note that is a private API, don't use it in production code.

aegzorz  2010-10-12 16:02:05
A: 

As aegzorz noted, [NSURLRequest +setAllowsAnyHTTPSCertificate:forHost:] is a private API and shouldn't be used in production code. Since it's a private API, it's a sure means of being rejected from the App Store. The published way to handle untrusted certs is to use the NSURLConnection delegate method -connection:canAuthenticateAgainstProtectionSpace: and -connection:didReceiveAuthenticationChallenge:.

There's a lot you can do with these APIs, handling every kind of authentication issue imaginable. I would suggest that you study Apple's sample code AdvancedURLConnections

Jay O'Conor  2010-10-12 19:25:39
Thanks for your reply, I can see what I should do, and I can do that when I am creating NSURLConnection on my own. In present i am using wordpress xmlrpc request and response to connect to web service so I'm not able to figure out how to do change in the request code.
Akki  2010-10-12 19:52:28

related questions

How do we get arround Apple's decission to skip sms templates for iPhone?
iPhone App Crashing - Error Question
Can I write native iPhone apps using Python
Does the Iphone 1/2 have a compass inside?
How do you beta test an iphone app?
Is it just the iPhone simulator that is restricted to intel only Mac's?
iPhone App Minus App Store?
Deleting messages from Exchange IMAP mailbox on iPhone
Is there a multiplatform framework for developing iPhone / Android applications?
How can I launch the Google Maps iPhone application from within my own native application?
Tips for a successful AppStore submission?
iPhone app that access the Core Location framework over web
Virtual Mac?
What's a good machine for iPhone development?
How can I develop for iPhone using a Windows development machine?
Recommended iPhone Development Resources
Best Wiki for Mobile Users
How to programmatically send SMS on the iPhone?
iPhone - Exchange Calendars in Public Folders
iPhone web applications, templates, frameworks?
Understanding reference counting with Cocoa / Objective C
How-to articles for iPhone development, Objective-C
What are the correct pixel dimensions for an apple-touch-icon?
How do I give my web sites an icon for iPhone?
iPhone app in landscape mode