Evaluating server certificate

Posted by Raven on Stack Overflow
Published on 2010-10-11T08:14:40Z Indexed on 2011/01/15 9:53 UTC

Hi, how can I distinguish a self-signed certificate from a revoked or expired one?

I'm using NSURLConnection and implementing connection:didReceiveAuthenticationChallenge: on delegate:

- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge{
    if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]){
        NSURLProtectionSpace *tmpSpace=[challenge protectionSpace];
        SecTrustRef currentServerTrust=[tmpSpace serverTrust];
        SecTrustResultType trustResult;
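        // Evaluate the server's chain against the trust store built into iOS
        OSStatus err = SecTrustEvaluate(currentServerTrust, &trustResult);
        // Proceed and Unspecified are the two results that mean the chain is trusted
        BOOL trusted = (err == noErr) && ((trustResult == kSecTrustResultProceed) ||
                                          (trustResult == kSecTrustResultUnspecified));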
        if (trusted){
            // Do something
        }
    }
}

Currently the "if (trusted){}" block only works for certificates trusted by iOS. I want it to work for others as well, but only if the certificate isn't revoked or expired.

The documentation uses SecTrustSettingsSetTrustSettings to change the settings and re-evaluate the trust, but I couldn't find this method (or the SecTrustSetting) for iOS, only for Mac.

Thanks
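
One way to approach the question above on iOS, as an added example that is not part of the original post: instead of changing trust settings, add the expected self-signed certificate as an anchor with SecTrustSetAnchorCertificates and evaluate again, so a remaining failure (for example an expired certificate) is no longer caused by the unknown root. The helper name `EvaluateWithPinnedAnchor` and the `pinnedCertDER` parameter are hypothetical, ARC is assumed, and the example adds no revocation checking of its own.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical helper (added example, not from the original post).
// pinnedCertDER: DER bytes of the self-signed certificate the app expects,
// shipped with the app. Assumes ARC (hence the __bridge cast).
static BOOL EvaluateWithPinnedAnchor(SecTrustRef serverTrust, NSData *pinnedCertDER)
{
    SecTrustResultType result;

    // Pass 1: system trust store only, exactly as in the question.
    if (SecTrustEvaluate(serverTrust, &result) == errSecSuccess &&
        (result == kSecTrustResultProceed ||
         result == kSecTrustResultUnspecified)) {
        return YES;
    }

    // Pass 2: treat the bundled certificate as the only extra trust anchor.
    SecCertificateRef pinned =
        SecCertificateCreateWithData(NULL, (__bridge CFDataRef)pinnedCertDER);
    if (pinned == NULL) {
        return NO; // bundled data is not a valid DER certificate
    }
    const void *values[] = { pinned };
    CFArrayRef anchors = CFArrayCreate(NULL, values, 1, &kCFTypeArrayCallBacks);
    OSStatus err = SecTrustSetAnchorCertificates(serverTrust, anchors);
    CFRelease(anchors);
    CFRelease(pinned);
    if (err != errSecSuccess) {
        return NO;
    }

    // Validity dates and the policy's hostname check still apply here, so an
    // expired certificate keeps failing (typically with
    // kSecTrustResultRecoverableTrustFailure) even though its root is now known.
    err = SecTrustEvaluate(serverTrust, &result);
    return err == errSecSuccess &&
           (result == kSecTrustResultProceed ||
            result == kSecTrustResultUnspecified);
}
```

A server certificate that fails pass 1 but passes pass 2 chains to the pinned self-signed anchor and is within its validity period; one that fails both has a problem other than the untrusted root.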

© Stack Overflow or respective owner