On 6/12/08 12:44 PM, "Jens Alfke" <[EMAIL PROTECTED]> wrote:
>
> On 12 Jun '08, at 8:35 AM, Paul E. Robichaux wrote:
>
>> @implementation NSURLRequest(NSHTTPURLRequest)
>> + (BOOL)allowsAnyHTTPSCertificateForHost:(NSString *)host
>> {
>> return YES;
>> }
>> @end
>>
>> At the end of one of my .m files, the code builds, though I get
>> warnings
>> that some other methods aren't implemented. The program then gives
>> me an
>> NSURLDomainError -1203
>
> I'm suspicious of that technique, since category methods really aren't
> allowed to override existing methods; I think the effects are
> "undefined". It's the kind of thing that I could imagine breaking
> under the rewritten Obj-C runtime in 10.5.
Calling it a "technique" is being very generous :) I was suspicious of it as
well. I'm still at the try-things-without-knowing-what-they-actually-do
stage of my Cocoa career, so I decided to give it a whirl.
>> 1. Is there a safer or better-supported way for me to get a look at
>> the
>> returned certificate besides overriding
>> allowsAnyHTTPSCertificateForHost?
>
> Well, this message from Marcel Borsten
> http://www.cocoabuilder.com/archive/message/cocoa/2008/3/4/200382
> mentions another method:
> + (void)setAllowsAnyHTTPSCertificate:(BOOL)fp8 forHost:(id)fp12;
>
> So it looks as though you could just call
> [NSURLConnection setAllowsAnyHTTPSCertificate: YES forHost: myHost];
After doing that, I now get a compiler warning that there's a duplicate
interface defined for NSURLRequest(NSHTTPURLRequest), and at runtime when I
call the routine I get errors in my log:
+[NSURLConnection setAllowsAnyHTTPSCertificate:forHost:]: unrecognized
selector sent to class 0xa02645a0
> A better solution is to insert the cert into the keychain and mark it
> as trusted; but that isn't easy. If the user can get a ".cer" file of
> the server's cert, s/he can double-click it to add it to the keychain,
> then locate it in Keychain Access and mark it as trusted.
> Programmatically, it involves some twisty little APIs; I'd recommend
> using the higher-level wrappers in the open-source Keychain.framework
> (it's on sourceforge.)
For the purpose of this sample, this approach is overkill. You're right,
though, that this would be a much better solution.
>> 3. What does -1203 really *mean*?
>
> From NSURLError.h:
> NSURLErrorServerCertificateHasUnknownRoot = -1203,
Aha! Thanks for the pointer.
_______________________________________________
Cocoa-dev mailing list (Cocoa-dev@lists.apple.com)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com
This email sent to [EMAIL PROTECTED]
