I want to ignore certificate verification, where and how to do it with XMLRPC web service?
M

4

4

I am accessing a web service and getting this error when trying to connect (the web service is XML-RPC and I am using the WordPress xmlrpc source code for the request and for handling the response):

Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “**.org” which could put your confidential information at risk."

The web service people are saying to ignore the certificate verification part, so if someone has an idea of how to do that, it will be of great help to me.

After some suggestions I used the NSURLConnection delegate methods below; still the same error.

- (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace {
    return [protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust];
}

- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
    if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust])
        if ([trustedHosts containsObject:challenge.protectionSpace.host])
            [challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge];
    [challenge.sender continueWithoutCredentialForAuthenticationChallenge:challenge];
}
Marianmariana answered 12/10, 2010 at 15:53 Comment(0)
B
7

As aegzorz noted, [NSURLRequest +setAllowsAnyHTTPSCertificate:forHost:] is a private API and shouldn't be used in production code. Since it's a private API, it's a sure means of being rejected from the App Store. The published way to handle untrusted certs is to use the NSURLConnection delegate methods -connection:canAuthenticateAgainstProtectionSpace: and -connection:didReceiveAuthenticationChallenge:.

There's a lot you can do with these APIs, handling every kind of authentication issue imaginable. I would suggest that you study Apple's sample code AdvancedURLConnections

Beckon answered 12/10, 2010 at 19:25 Comment(1)
Thanks for your reply, I can see what I should do, and I can do that when I am creating the NSURLConnection on my own. At present I am using the WordPress xmlrpc request and response code to connect to the web service, so I'm not able to figure out how to change the request code. - Marianmariana
I
11

As of now Jay has given the right answer. But these two methods are deprecated now.

- (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace // deprecated over iOS 5.0. Not even called in iOS 7.0

- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge // deprecated over iOS 5.0. Not even called in iOS 7.0

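So instead of those you can use this method:

-(void)connection:(NSURLConnection *)connection willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
{
    // Compare the method name by value; == only compares NSString pointers.
    if ([[[challenge protectionSpace] authenticationMethod] isEqualToString:NSURLAuthenticationMethodServerTrust]) {
        // Accepts the presented certificate for every host, without evaluating it.
        [[challenge sender] useCredential:[NSURLCredential credentialForTrust:[[challenge protectionSpace] serverTrust]] forAuthenticationChallenge:challenge];
    } else {
        // Every challenge must be answered; hand other types back to the system.
        [[challenge sender] performDefaultHandlingForAuthenticationChallenge:challenge];
    }
}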

I have used this chunk of code to overcome the below listed error:

Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “app.*****.com” which could put your confidential information at risk.

Inebriate answered 20/7, 2014 at 5:58 Comment(1)
Thanks, that saved me 2 days of work. Is there an Apple document to support this? - Stoeber
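A narrower alternative to accepting every certificate, as an added example that is not part of any answer on this page: the same delegate method, but it trusts one named host only when its chain validates against a certificate shipped in the app bundle. The class name, the host `service.example.org` and the resource `service-ca.der` are hypothetical placeholders, and `SecTrustEvaluateWithError` assumes iOS 12 or later.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical placeholder: the single host whose certificate is not publicly trusted.
static NSString * const kServiceHost = @"service.example.org";

@interface XMLRPCTrustDelegate : NSObject <NSURLConnectionDelegate>
@end
@implementation XMLRPCTrustDelegate
- (void)connection:(NSURLConnection *)connection
willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
{
    NSURLProtectionSpace *space = challenge.protectionSpace;
    BOOL isServerTrust = [space.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust];

    // Anything other than the one known host goes through normal system validation.
    if (!isServerTrust || ![space.host isEqualToString:kServiceHost]) {
        [challenge.sender performDefaultHandlingForAuthenticationChallenge:challenge];
        return;
    }

    // Load the service's certificate (or its private CA), bundled as DER (hypothetical file name).
    NSString *path = [[NSBundle mainBundle] pathForResource:@"service-ca" ofType:@"der"];
    NSData *der = path ? [NSData dataWithContentsOfFile:path] : nil;
    SecCertificateRef anchor = der ? SecCertificateCreateWithData(NULL, (__bridge CFDataRef)der) : NULL;
    if (anchor == NULL) {
        [challenge.sender cancelAuthenticationChallenge:challenge];
        return;
    }

    // Make the bundled certificate the only acceptable trust root for this evaluation.
    SecTrustRef trust = space.serverTrust;
    NSArray *anchors = @[ (__bridge id)anchor ];
    OSStatus status = SecTrustSetAnchorCertificates(trust, (__bridge CFArrayRef)anchors);
    if (status == errSecSuccess) {
        status = SecTrustSetAnchorCertificatesOnly(trust, true);
    }
    CFRelease(anchor);

    // Chain, validity dates and host name are still checked; only the root changes.
    if (status == errSecSuccess && SecTrustEvaluateWithError(trust, NULL)) {
        [challenge.sender useCredential:[NSURLCredential credentialForTrust:trust]
             forAuthenticationChallenge:challenge];
    } else {
        [challenge.sender cancelAuthenticationChallenge:challenge];
    }
}
@end
```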
A
4

I'm using the following for testing in an app under development:

NSURL* url = // url to webservice
[NSURLRequest setAllowsAnyHTTPSCertificate:YES forHost:[url host]];

Note that this is a private API; don't use it in production code.

Arvell answered 12/10, 2010 at 16:2 Comment(0)
B
1

If you are using AFNetworking, you can use this code:

(Just as a temp client-side solution!)

AFHTTPSessionManager *apiManager = [[AFHTTPSessionManager alloc] initWithBaseURL:[NSURL URLWithString:baseURL]];
AFSecurityPolicy *policy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeNone];
// Accepts invalid certificates for every request made through this manager.
policy.allowInvalidCertificates = YES;
apiManager.securityPolicy = policy;
Briney answered 23/4, 2014 at 15:42 Comment(0)
