I have the following simple code to connect to an SSL webpage:
NSMutableURLRequest *urlRequest=[NSMutableURLRequest requestWithURL:url];
[ NSURLConnection send
Ideally, there should only be two scenarios of when an iOS application would need to accept an un-trusted certificate.
Scenario A: You are connected to a test environment which is using a self-signed certificate.
Scenario B: You are proxying HTTPS traffic using a MITM proxy like Burp Suite, Fiddler, OWASP ZAP, etc.
The proxies will return a certificate signed by a self-signed CA so that the proxy is able to capture HTTPS traffic.
Production hosts should never use un-trusted certificates for obvious reasons.
If you need to have the iOS simulator accept an un-trusted certificate for testing purposes, it is highly recommended that you do not change application logic in order to disable the built-in certificate validation provided by the NSURLConnection APIs. If the application is released to the public without removing this logic, it will be susceptible to man-in-the-middle attacks.
The recommended way to accept un-trusted certificates for testing purposes is to import the Certificate Authority (CA) certificate which signed the certificate onto your iOS Simulator or iOS device. I wrote up a quick blog post which demonstrates how to do this with an iOS Simulator at:
accepting untrusted certificates using the ios simulator
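
A pre-release check for the risk described in the answer above, as an added example that is not part of the original post: it scans Objective-C source for code that overrides NSURLConnection certificate validation and reports whether each hit would ship in a release build or sits inside an `#if DEBUG` block. The rule set, the `scan_source` helper and the sample input are assumptions of this example, and the matching is heuristic.

```python
import re

# Heuristic rules chosen for this example (an assumption, not exhaustive).
ALWAYS_FLAG = re.compile(
    r"allowsAnyHTTPSCertificateForHost|setAllowsAnyHTTPSCertificate")
CRED_FOR_TRUST = re.compile(r"credentialForTrust\s*:")
TRUST_EVAL = re.compile(r"SecTrustEvaluate(WithError)?\s*\(")
IF_OPEN = re.compile(r"^\s*#\s*if(n?def)?\b")
IF_DEBUG = re.compile(r"^\s*#\s*if(def)?\s+(defined\s*\(\s*)?DEBUG\b")
IF_ELSE = re.compile(r"^\s*#\s*(else|elif)\b")
IF_CLOSE = re.compile(r"^\s*#\s*endif\b")

# Constructed Objective-C input for the demonstration.
SAMPLE = """\
@implementation NSURLRequest (Testing)
#if DEBUG
+ (BOOL)allowsAnyHTTPSCertificateForHost:(NSString *)host { return YES; }
#endif
@end
- (void)connection:(NSURLConnection *)c
willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)ch {
    [ch.sender useCredential:[NSURLCredential credentialForTrust:
        ch.protectionSpace.serverTrust] forAuthenticationChallenge:ch];
}
"""


def scan_source(text):
    """Return (line_no, scope, line) for each validation-bypass finding.
    scope is "debug-only" inside an #if DEBUG block, else "release".
    """
    # credentialForTrust: is only flagged when the file never evaluates trust.
    evaluates_trust = bool(TRUST_EVAL.search(text))
    findings, stack = [], []  # stack: one bool per open #if, True = DEBUG
    for no, line in enumerate(text.splitlines(), 1):
        if IF_OPEN.match(line):
            stack.append(bool(IF_DEBUG.match(line)))
        elif IF_ELSE.match(line) and stack:
            stack[-1] = False  # the #else branch ships in release builds
        elif IF_CLOSE.match(line) and stack:
            stack.pop()
        elif ALWAYS_FLAG.search(line) or (
                CRED_FOR_TRUST.search(line) and not evaluates_trust):
            scope = "debug-only" if any(stack) else "release"
            findings.append((no, scope, line.strip()))
    return findings

if __name__ == "__main__":
    print(*scan_source(SAMPLE), sep="\n")
```

A "release" finding is the case the answer warns about; a "debug-only" finding still deserves review, since importing the CA certificate into the simulator makes it unnecessary.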