While working on updating the application to run on iOS5, I found that it does not work with the beta version. The issue is that our custom SSL certificate verification no longer works.
In the didReceiveAuthenticationChallenge section, we get our root certificates and call SecTrustEvaluate. This works great on iOS4.

    // First evaluate the server trust against the default anchors.
    protectionSpace = [challenge protectionSpace];
    trust = [protectionSpace serverTrust];
    err = SecTrustEvaluate(trust, &trustResult);
    trusted = (err == noErr) && ((trustResult == kSecTrustResultProceed) || (trustResult == kSecTrustResultUnspecified));
    if (!trusted) {
        // Not trusted by default: set our own root certificates as anchors and evaluate again.
        err = SecTrustSetAnchorCertificates(trust, (CFArrayRef)[EagleAccessAppDelegate getDelegate].rootCertificates);
        if (err == noErr) {
            err = SecTrustEvaluate(trust, &trustResult);
        }
        trusted = (err == noErr) && ((trustResult == kSecTrustResultProceed) || (trustResult == kSecTrustResultUnspecified));
    }
    if (trusted) {
        // Accept the connection using the evaluated server trust.
        NSURLCredential *cred = [NSURLCredential credentialForTrust:trust];
        [[challenge sender] useCredential:cred forAuthenticationChallenge:challenge];
    } else {
        // Reject the connection.
        [[challenge sender] cancelAuthenticationChallenge:challenge];
    }

Certificates are stored in DER format as resources included in the application.

    // Load Certificates.
    NSString *devFilePath = [[NSBundle mainBundle] pathForResource:@"ipms-dev-ca.der" ofType:@"crt"];
    NSData *devRootCertificate = [[[NSData alloc] initWithContentsOfFile:devFilePath] autorelease];
    SecCertificateRef devRoot = SecCertificateCreateWithData(NULL, (CFDataRef) devRootCertificate);

    NSString *prodFilePath = [[NSBundle mainBundle] pathForResource:@"ipms-prod-ca.der" ofType:@"crt"];
    NSData *prodRootCertificate = [[[NSData alloc] initWithContentsOfFile:prodFilePath] autorelease];
    SecCertificateRef prodRoot = SecCertificateCreateWithData(NULL, (CFDataRef) prodRootCertificate);

    self.rootCertificates = [[NSArray alloc] initWithObjects:(id)devRoot, (id)prodRoot, nil];

Basically, we have our own CA certificate, which we use to issue certificates for the servers that our application connects to.
I can recreate this with the AdvancedURLConnections sample application.