Re: How to handle bad certificate error in NSURLDownload?

Wed, 21 May 2008 11:44:47 -0700 

On May 19, 2008, at 1:51 PM, Jens Alfke wrote:
I would guess that the Security framework is requiring user confirmation to allow the app to bypass certificate checking. 



Well, no. NSURLRequest's setAllowsAnyHTTPSCertificate:forHost: does  
exactly that, immediately and without user confirmation.



One may (should) choose to use get user permission first. Could be a  
homegrown dialog, asking "Do you want to use a brute-force,  
unsupported private API to ignore this certificate and make this  
download work?" Or it could be via Security framework and  
SFCertificateTrustPanel, showing the certificate and what's wrong  
with it to the user before they make their choice. But  
setAllowsAnyHTTPSCertificate:forHost doesn't care whether you ask or  
not.



On 19 May '08, at 8:19 AM, parag vibhute wrote:



I implemented same but whenever I launched my application it asks  
to change

trust settings. Why is it like that?




It's unclear what you mean here. If you used the Security Framework  
and it asks if you want to change trust settings for the rejected  
certificate, well, yes, that's what it's supposed to do. If you truly  
don't care about the certificate, and don't mind using the private  
API, just check that exists, use it, reissue the download request,  
and the download will silently proceed. I don't do that in my  
shipping code, but can confirm it works.



(A broader question is why you want to do this. If it's due to  
certificate problems on machines with Safari 3.1.1 installed, a  
better approach than private API may be to wait for the problem to be  
fixed. Something is clearly amiss - example; I've been logging into  
my iPhone dev account since day one, but just yesterday Safari made  
me accept a developer.apple.com certificate "issued by an untrusted  
authority" to get in. Today, I deleted the certificate from Keychain,  
and still logged in without a hitch. Whatever causes this will surely  
be fixed soon.)

_______________________________________________

Cocoa-dev mailing list (Cocoa-dev@lists.apple.com)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com

This email sent to [EMAIL PROTECTED]






















					Reply via email to