Evaluating server certificate
Posted by Raven on Stack Overflow
Published on 2010-10-11T08:14:40Z
Indexed on 2011/01/15 9:53 UTC
Hi, how can I tell a self-signed certificate from a revoked or expired one?
I'm using NSURLConnection and implementing connection:didReceiveAuthenticationChallenge: on the delegate:
    - (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
        // Only handle challenges that ask us to validate the server's certificate chain.
        if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
            NSURLProtectionSpace *tmpSpace = [challenge protectionSpace];
            SecTrustRef currentServerTrust = [tmpSpace serverTrust];
            SecTrustResultType trustResult;
            // Evaluate the chain against the anchors iOS already trusts.
            OSStatus err = SecTrustEvaluate(currentServerTrust, &trustResult);
            // Proceed and Unspecified are the two results that mean the chain validated.
            BOOL trusted = (err == noErr) && ((trustResult == kSecTrustResultProceed) || (trustResult == kSecTrustResultUnspecified));
            if (trusted) {
                // Do something
            }
        }
    }
Currently the "if (trusted){}" block only works for certificates trusted by iOS. I want it to work for others as well, but only if the certificate isn't revoked or expired.
The documentation uses SecTrustSettingsSetTrustSettings to change the settings and reevaluate the trust, but I couldn't find this method (or the SecTrustSetting) for iOS, only for Mac.
Thanks
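One way to accept a known self-signed certificate on iOS while still rejecting an expired one, as an added example that is not part of the original post: the chain is re-evaluated with the app's own certificate as the only anchor, using SecTrustSetAnchorCertificates. It assumes ARC and that the server's self-signed certificate ships in the app bundle as `server.der`; that file name, the `PinnedDelegate` class and the `TrustChainsToPinnedAnchor` helper are hypothetical. Revocation is not checked by this block.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Same success test as in the question: the chain validated.
static BOOL TrustIsValid(SecTrustRef trust) {
    SecTrustResultType result = kSecTrustResultInvalid;
    // SecTrustEvaluate matches the question; newer SDKs offer SecTrustEvaluateWithError.
    return SecTrustEvaluate(trust, &result) == errSecSuccess &&
           (result == kSecTrustResultProceed || result == kSecTrustResultUnspecified);
}

// Hypothetical helper: YES only if the chain validates against the one
// DER-encoded certificate we supply. The policy already attached to the
// server trust still applies, so an expired certificate fails here too.
static BOOL TrustChainsToPinnedAnchor(SecTrustRef trust, NSData *pinnedDER) {
    SecCertificateRef anchor =
        SecCertificateCreateWithData(NULL, (__bridge CFDataRef)pinnedDER);
    if (anchor == NULL) return NO;              // data was not a valid certificate
    NSArray *anchors = @[(__bridge id)anchor];
    // Use our anchor instead of the system store, for this trust object only.
    BOOL ok = SecTrustSetAnchorCertificates(trust, (__bridge CFArrayRef)anchors) == errSecSuccess &&
              SecTrustSetAnchorCertificatesOnly(trust, true) == errSecSuccess &&
              TrustIsValid(trust);
    CFRelease(anchor);
    return ok;
}

@interface PinnedDelegate : NSObject <NSURLConnectionDelegate>
@end

@implementation PinnedDelegate
- (void)connection:(NSURLConnection *)connection
didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
    NSURLProtectionSpace *space = challenge.protectionSpace;
    if (![space.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
        [challenge.sender continueWithoutCredentialForAuthenticationChallenge:challenge];
        return;
    }
    SecTrustRef trust = space.serverTrust;
    // Constructed sample resource name; nil URL means no pinned certificate shipped.
    NSURL *url = [[NSBundle mainBundle] URLForResource:@"server" withExtension:@"der"];
    NSData *pinned = url ? [NSData dataWithContentsOfURL:url] : nil;
    if (TrustIsValid(trust) || (pinned && TrustChainsToPinnedAnchor(trust, pinned))) {
        [challenge.sender useCredential:[NSURLCredential credentialForTrust:trust]
             forAuthenticationChallenge:challenge];
    } else {
        [challenge.sender cancelAuthenticationChallenge:challenge];  // fail closed
    }
}
@end
```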