NSURLConnection will give you an error (in NSURLErrorDomain) if you try to connect to a server with an invalid certificate (for example, it is self-signed, out of date, has the wrong host, etc.). So you really don't need to do any checks yourself, because all of this is handled for you.
If you really want or need to display a summary of the SSL certificate in the user interface, you will need to drop down a layer from NSURLConnection and use the low-level CFNetwork API. If you have a CFReadStreamRef that is in the kCFStreamEventEndEncountered state, you should be able to do the following (assuming your stream handle is called readStream):
    // Certificates presented by the peer; index 0 is the server's own certificate
    NSArray* certificates = [(NSArray*)CFReadStreamCopyProperty(readStream, kCFStreamPropertySSLPeerCertificates) autorelease];
    if ([certificates count] > 0) {
        SecCertificateRef certificate = (SecCertificateRef)[certificates objectAtIndex:0];
        // Human-readable summary of the certificate subject
        NSString* description = [(NSString*)SecCertificateCopySubjectSummary(certificate) autorelease];
        // Raw DER encoding of the certificate
        NSData* data = [(NSData*)SecCertificateCopyData(certificate) autorelease];
    }
You will need to decode the information stored in data if you want to access the various properties of the certificate, but the summary contained in the description may be enough for your purposes.
Nathan de vries
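As an added example (not part of the original answer), here is one way to decode a field from the DER bytes in `data` for display: a small C parser that walks the certificate structure and copies out the validity dates. It is plain C so it can be called from Objective-C with `[data bytes]` and `[data length]`; the names `der_read`, `cert_validity` and `SAMPLE_DER` are hypothetical, and the sample bytes are a constructed skeleton, not a real certificate.

```c
#include <string.h>

/* Read one DER TLV at p; on success return 0 and set tag, value pointer, length. */
static int der_read(const unsigned char *p, const unsigned char *end,
                    unsigned char *tag, const unsigned char **val, size_t *len) {
    if (end - p < 2) return -1;
    *tag = *p++;
    size_t n = *p++;
    if (n & 0x80) {                       /* long form: low 7 bits count length bytes */
        size_t k = n & 0x7f;
        if (k == 0 || k > sizeof n || (size_t)(end - p) < k) return -1;
        for (n = 0; k > 0; k--) n = (n << 8) | *p++;
    }
    if ((size_t)(end - p) < n) return -1; /* value must fit inside the buffer */
    *val = p; *len = n;
    return 0;
}

/* Copy notBefore/notAfter (ASCII time strings) out of a DER certificate. */
int cert_validity(const unsigned char *der, size_t n, char nb[16], char na[16]) {
    static const unsigned char expect[] = { 0x02, 0x30, 0x30, 0x30 };
    const unsigned char *p, *v, *end = der + n;
    unsigned char tag; size_t len; char *out[2] = { nb, na };
    if (der_read(der, end, &tag, &v, &len) || tag != 0x30) return -1; /* Certificate */
    end = v + len;
    if (der_read(v, end, &tag, &v, &len) || tag != 0x30) return -1;   /* TBSCertificate */
    p = v; end = v + len;
    if (der_read(p, end, &tag, &v, &len)) return -1;
    if (tag == 0xA0) p = v + len;         /* skip optional [0] version */
    for (int i = 0; i < 4; i++) {         /* serial, sigAlg, issuer, validity */
        if (der_read(p, end, &tag, &v, &len) || tag != expect[i]) return -1;
        p = v + len;
    }
    p = v; end = v + len;                 /* now inside the validity SEQUENCE */
    for (int i = 0; i < 2; i++) {         /* UTCTime (0x17) or GeneralizedTime (0x18) */
        if (der_read(p, end, &tag, &v, &len)) return -1;
        if ((tag != 0x17 && tag != 0x18) || len > 15) return -1;
        memcpy(out[i], v, len); out[i][len] = '\0';
        p = v + len;
    }
    return 0;
}

/* Constructed sample: certificate skeleton with emptied fields, not a real certificate. */
static const unsigned char SAMPLE_DER[] = {
    0x30, 0x2E, 0x30, 0x2C,                   /* Certificate, TBSCertificate */
    0xA0, 0x03, 0x02, 0x01, 0x02,             /* [0] version = v3 */
    0x02, 0x01, 0x01, 0x30, 0x00, 0x30, 0x00, /* serial, sigAlg, issuer */
    0x30, 0x1E,                               /* validity */
    0x17, 0x0D, '2','4','0','1','0','1','0','0','0','0','0','0','Z',
    0x17, 0x0D, '2','5','0','1','0','1','0','0','0','0','0','0','Z',
};
```

The returned strings are for display only; the parser checks lengths against the buffer but performs no signature or trust evaluation, which stays with the system's own validation.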