Evaluating server certificate

Posted by Raven on Stack Overflow See other posts from Stack Overflow or by Raven
Published on 2010-10-11T08:14:40Z Indexed on 2011/01/15 9:53 UTC
Read the original article Hit count: 206

Filed under:

iphone

|

security

|

certificate

Hi, How can I detect a self signed certificate from a revoked or expired ones?

I'm using NSURLConnection and implementing connection:didReceiveAuthenticationChallenge: on delegate:

- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge{
    if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]){
        NSURLProtectionSpace *tmpSpace=[challenge protectionSpace];
        SecTrustRef currentServerTrust=[tmpSpace serverTrust];
        SecTrustResultType trustResult;
        OSStatus err = SecTrustEvaluate(currentServerTrust, &trustResult);
        BOOL trusted = (err == noErr) && ((trustResult == kSecTrustResultProceed) ||                                          (trustResult == kSecTrustResultUnspecified));
        if (trusted){
            // Do something
        }
    }
}

Currently the "if (trusted){}" block only work for certificates trusted by iOS, I want it to work for others as well, but only if the certificate isn't revoked or expired.

The documentation is using SecTrustSettingsSetTrustSettings for changing the settings and reevaluate the trust. but I couldn't find this method (or the SecTrustSetting) for iOS, only for Mac.

Thanks

© Stack Overflow or respective owner

Related posts about iphone

iphone - direct link to iPhone review form from inside iphone

as seen on Stack Overflow - Search for 'Stack Overflow'
I am trying to link directly to the review link of one of my Apps. I know that it is possible because Appirater did it in the past, but some change in iTunes turned the API down. Appirater uses this URL NSString *templateReviewURL = @"itms-apps://itunes.apple.com/WebObjects/MZStore.woa/wa/viewContentsUserReviews… >>> More
Buy iPhone 4 Without Contract: $599 (AT&T) and $699 (Verizon)

as seen on Tech Dreams - Search for 'Tech Dreams'
Purchasing iPhone without a contract is a good option when you are planning to gift it to someone or going to use it outside US. Both AT&T and Verizon lets you iPhone 4 without a contract but this information is buried deep under blurred text in FAQs and agreements. Here is the pricing… >>> More
Is it possible to download and run IPhone apps on an IPhone emulator

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, I am tasked to provide an IPhone client app for our SaaS website. I have never written an IPhone application, nor do I have an IPhone at the moment. Before I can decide whether or not I want to do this myself or outsource this, I'd like to try a few apps myself to get a feeling for the UI. Is… >>> More
iPhone web app from dashcode rss feed template works deployed on simulator but not on iphone

as seen on Stack Overflow - Search for 'Stack Overflow'
iPhone web app from dashcode rss feed template works deployed on simulator but not on iphone. The web app is deployed at; http://www.alila.se/wordpress/index.html If i run the simulator and enter that adress, it fetches the rss feed and displays it. Everything fine. When i enter the adress into… >>> More
Problem running iPhone application on iPhone from Xcode (and in Instruments)

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi I have a problem running one application on the iPhone from Xcode (or Instruments). When I try to run the app I get the error message Failed to upload XXX.app in the bottom left corner of Xcode. The strange thing is it actually uploaded the app to the iPhone but it doesn't start it (after this… >>> More

Related posts about security

sudo apt-get update errors

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
Here is what I get on my terminal when running sudo apt-get update errors. I dont know if the issue is from my sources.list or my proxy setup(have not made any changes to proxies). Thank you for any help in advanced. Ign http://security.ubuntu.com oneiric-security Release.gpg Ign http://security… >>> More
The Security-Developer Gap: Why IT Security Can't Fix Your Security Problems Alone

as seen on Devx - Search for 'Devx'
Two well-known white hats explain how hackers take advantage of security holes left by enterprise application developers. >>> More
The Security-Developer Gap: Why IT Security Can't Fix Your Security Problems Alone

as seen on Internet.com - Search for 'Internet.com'
Two well-known white hats explain how hackers take advantage of security holes left by enterprise application developers. >>> More
StackOverFlowError while creating Mac object on AS400/Java

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello all, I am a newbie to AS400-Java programming. I am trying to create my first program to test the implementation of Message Authentication Code (MAC). I am trying to use the HMACSHA1 hash function. My (Java 1.4) program runs fine on a dev box (V5R4).But fails terribly on the QA box (V5R3). My… >>> More
Google App Engine - Spring Security Issue (java.security.AccessControlException)

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm currently getting the AccessControlException below when I deploy to app engine (I don't see it when I run in my local environment). I'm using GAE 1.3.1, Spring 3.0.1, and Spring Security 3.0.2. Any ideas how to get around this issue? It appears to be an issue with Spring Security trying to get… >>> More