I want to implement SSL in my app using Secure transport https://developer.apple.com/library/ios/DOCUMENTATION/Security/Reference/secureTransportRef/Reference/reference.html. I want to check for the handshake, session key and encryption(128/256). I am able to verify the certificate using nsurlconnection delegate methods. But need to setup the ssl without using any third party library like ASIHttpRequest or AFNetwork. Thanks in advance
Related
I am trying to implement SSL pinning and I did, using the didReceiveAuthentication Challenge. I do have a question, however, is that the description of this function
https://developer.apple.com/documentation/webkit/wknavigationdelegate/1455638-webview?language=objc
and so are the URLSession Version of it, both mentioned that only when the challenge is received. My worry is that, would there be website that doesn't ask for client certificate at all? If that is the case, how am I suppose to do SSL pinning then?
Client-side certificate pinning has nothing to do with client certificates. didReceiveAuthenticationChallenge: is called in response to receiving the server's certificate as well. In that case it's called with the protectionSpace.authenticationMethod set to NSURLAuthenticationMethodServerTrust. If the server requests a client certificate, it'll be called again with ...ClientCertificate. If Basic Auth is required, it'll be called again with ...HTTPBasic and so on.
I am developing an iPhone application for my client in which I have to send requests to a Secure SSL Server(Client's server, everything is ready by server side) with certificate authentication.
I am not getting exact procedure, or exact code showing steps to be followed. (i.e Procedure is not clear to me)
If anybody can explain me the mechanism behind it, it will be helpful for me.
Thank you.
You need not to do anything.
Just use proper URL with https://
All the underlying complexity will be handled by NSURLConnection class. It is as same as calling any other network services.
What is the best/easiest way to authenticate a user from an iPhone client to a PHP/MySQL web-service? I have not set any authentication up and I want to keep track of the user so when I call my services it sends the username. I want to make sure this user is unique and if they lose their phone they will be able to re-download app and login with credentials.
This is very open ended question. Can you please provide some use cases that way we can help. If you are talking about Secure Authentication then just use HTTPS:
HTTPS was designed specifically to:
1)use encryption to defend against packet-sniffing
2)use certificates signed by an authority to defend against MITM
I need make iPhone aplication to send username and password and then get token. I was looking for simply to use iPhone AES library, but I haven't found anything usable. Or should I use SSL (HTTPS) ? Can you recommend me best way how to
Any internet traffic that requires security should use SSL. Just set up a web server with an SSL certificate, then pass the https URL to a NSURLRequest and it'll take care of the rest.
Is there any way to bundle a certificate in my application - and then use that to perform HTTP GET/POST using a NSURLRequest?
I.e. the certificate should not be used for other HTTP traffic on the device, only by my application.
Cheers
I don't believe so, but since all applications are sandboxed any special authentication measures you may have within your application cannot be accessed by other applications.
Best (in my opinion) you put the private key and certificate that you want to use on the keychain (or keychains of other 3rd party apps that share the same provisioning certificate).
As for the actual loading of the p12 we do use openssl (we did write a obj-c wrapper around it) to decode the .p12 that we send to the app (you can always use .DER or .PEM to ship the p12 with your app)