I want to ignore certificate verification, where and how to do it with XMLRPC web service?
https://stackoverflow.com/questions/3916574
-
29-09-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I am accessing a web service and getting this error when trying to connect( web service is XMLRPC and I am using wordpress xmlrpc source code for request and handling repsonse):
Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “**.org” which could put your confidential information at risk."
WebService people are saying to ignore certificate verification part, so if someone has idea of how to do that will be of great help for me.
after some suggestion I used the below NSURLConnection delegate, stil same error
-(BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace {
return [protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust];
}
-(void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust])
if ([trustedHosts containsObject:challenge.protectionSpace.host])
[challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge];
[challenge.sender continueWithoutCredentialForAuthenticationChallenge:challenge];
}
Solution
As aegzorz noted, [NSURLRequest +setAllowsAnyHTTPSCertificate:forHost:] is a private API and shouldn't be used in production code. Since it's a private API, it's a sure means of being rejected from the App Store. The published way to handle untrusted certs is to use the NSURLConnection delegate method -connection:canAuthenticateAgainstProtectionSpace: and -connection:didReceiveAuthenticationChallenge:.
There's a lot you can do with these APIs, handling every kind of authentication issue imaginable. I would suggest that you study Apple's sample code AdvancedURLConnections
OTHER TIPS
As of now Jay has given the right answer. But these two methods are deprecated now.
- (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace // deprecated over iOS 5.0. Not even called in iOS 7.0
- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge // deprecated over iOS 5.0. Not even called in iOS 7.0
So instead of that you can use that method:
-(void)connection:(NSURLConnection *)connection willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
{
if ([[challenge protectionSpace] authenticationMethod] == NSURLAuthenticationMethodServerTrust) {
[[challenge sender] useCredential:[NSURLCredential credentialForTrust:[[challenge protectionSpace] serverTrust]] forAuthenticationChallenge:challenge];
}
}
I have used this chunk of code to overcome the below listed error:
Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “app.*****.com” which could put your confidential information at risk.
I'm using the following for testing in an app under development:
NSURL* url = // url to webservice
[NSURLRequest setAllowsAnyHTTPSCertificate:YES forHost:[url host]];
Note that is a private API, don't use it in production code.
If you are using AFNetworking, you can use this code:
(Just as a temp client-side solution!)
AFHTTPSessionManager * apiManager = [AFHTTPSessionManager initWithBaseURL:[NSURL URLWithString:baseURL];
AFSecurityPolicy *policy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeNone];
policy.allowInvalidCertificates = YES;
apiManager.securityPolicy = policy;
