How to use NSURLConnection to connect with SSL for an untrusted cert?

后端 未结 13 1593
盖世英雄少女心
盖世英雄少女心 2020-11-22 01:29

I have the following simple code to connect to a SSL webpage

NSMutableURLRequest *urlRequest=[NSMutableURLRequest requestWithURL:url];
[ NSURLConnection send         


        
相关标签:
13条回答
  • 2020-11-22 02:07

    Ideally, there should only be two scenarios of when an iOS application would need to accept an un-trusted certificate.

    Scenario A: You are connected to a test environment which is using a self-signed certificate.

    Scenario B: You are Proxying HTTPS traffic using a MITM Proxy like Burp Suite, Fiddler, OWASP ZAP, etc. The Proxies will return a certificate signed by a self-signed CA so that the proxy is able to capture HTTPS traffic.

    Production hosts should never use un-trusted certificates for obvious reasons.

    If you need to have the iOS simulator accept an un-trusted certificate for testing purposes it is highly recommended that you do not change application logic in order disable the built in certificate validation provided by the NSURLConnection APIs. If the application is released to the public without removing this logic, it will be susceptible to man-in-the-middle attacks.

    The recommended way to accept un-trusted certificates for testing purposes is to import the Certificate Authority(CA) certificate which signed the certificate onto your iOS Simulator or iOS device. I wrote up a quick blog post which demonstrates how to do this which an iOS Simulator at:

    accepting untrusted certificates using the ios simulator

    0 讨论(0)
提交回复
热议问题