I have a self signed SSL certificate serving out my test enviroment. I would like to do some testing connecting to the service from my iphone however, the SSL exception is causing an error.
Is there a way to ignore the SSL exception on the iPhone?
Edit:
I should have added a bit more detail, the answers below will work hoever if i can get it to work inside NSXMLParser that would be even better.
If you're only testing, you can use the private setAllowsAnyHTTPSCertificate:forHost: method on NSURLRequest. Otherwise, I'd recommend using the ASIHTTPRequest library which provides a great high-level API to the CFNetwork APIs, including the ability to use self-signed certificates. The method you're looking for is setValidatesSecureCertificate:.
Related
I do not know is it correct way or not but I am trying to get certificate from macos keychain and use it on flutter httpclient to establish a Certificate based connection. I just wonder is it possible or not.
For now i can get the certificate with native code with and i am returning the data:
var certificate: SecCertificate?
SecIdentityCopyCertificate(identityNotNil, &certificate)
let data = SecCertificateCopyData(certificate!)
then i try to use it like inside flutter:
SecurityContext context = SecurityContext.defaultContext
..useCertificateChain(certificateByteArray, password: 'password');
var _client = HttpClient(context: context);
but i am getting error about bad certificate. Maybe there is a way to reach keychain directly from flutter.
Thank you.
To be more specific, i am trying to use a certificate like :
https://developer.apple.com/documentation/usernotifications/setting_up_a_remote_notification_server/establishing_a_certificate-based_connection_to_apns
I assume that your question relates to flutter web - not a standalone Mac OS application? Then I can think of the following scenarios:
Use client certificates to establish an SSL based secure transport layer with certificate based authentication.
Use client certificates to exchange encrypted messages with encryption done by the application (both client and server) or use client certificates on the application layer for Authentication only.
Scenario 1: SSL with client certificates
In flutter web, HTTP Connections are only supported via XMLHttpRequest - the underlying JavaScript Object - under the hood flutter web code is transformed into JavaScript code. XMLHTTPRequest does NOT support any Client Certificates.
But you can configure the Browser to use client certificates when connecting to a WebServer via SSL - this would be fully transparent to the flutter web app. All modern browsers support client certificates and do access the MacOS keychain.
Of course, the server need to support SSL with client certificates. E.g. if you want to use client certificates in order to authenticate to a Spring Application based on SSL client certificates, this is described here:
Spring Security - Pre-Authentication Scenarios
Scenario 2: Application layer encryption/authentication
This is a very unusual scenario, as web applications usually rely on SSL for many good reasons: No coding is required and its pretty secure. But of course, it is technically feasible to implement encryption of all messages exchanged with the server on your own.
Letting aside the pure coding work (encryption libraries also exist for flutter), the key problem is to get the certificate and the private key into the application. Loading the certificate from the server without prior authentication (like the web app itself or all assets) would be a major security flaw, because then an attacker could also easily download the certificate/private key.
The only secure way I can think of, is to obtain the certificate and private key form the client computer. Unfortunately, a flutter web app - like every JavaScript app - is running in a Sandbox within a Browser, which puts major constraints on the application - for good Browser security reasons. Due to this sandbox, the flutter web app CANNOT access the Mac OS keychain directly.
But you can let the user pick a file with the certificate and private key. This is described here:
How to Pick files and Images for upload with flutter web
I am developing an iPad application and using the ASIHTTPRequest library (https://github.com/pokeb/asi-http-request) to make requests to my web server, which runs CentOS 6.2 and is equipped with Apache 2.2 and mod_ssl enabled.
When I make an HTTPS request to the server, sometimes I get a null response. Absolutely nothing. As if the server were completely dead. Sometimes it works just fine, returning the expected response. There is no rhyme or reason to when the response is null and when it's fine.
The server uses a dummy security certificate
I am setting validatesSecurityCertificate to NO
I am setting SSLVerifyClient to none in httpd.conf
Note, HTTPS requests sent through a web browser work fine (after you tell it to proceed without a security certificate). But, all HTTPS requests sent through HTTP Client: ((Zero-length response returned from the server.))
The trick to using ASIHTTPRequest well is that you dont use it. Its deprecated by its author allseeing-i.com/ASIHTTPRequest . I suggest using AFNetworking, RESTKit or even NSURLConnection.
As it is we have no code of yours to see, but when experiencing random issues with a library that hasn't been worked on in years I would say to start by using a different library.
After changing server to ssl ( http --> https ), I'm getting failure block executed and generating the error such as
request timed out
I know AFXMLRequestOperation is subclass of AFHTTPRequestOperation which is a subclass of AFURLConnectionOperation for requests using the HTTP or HTTPS protocols. Therefore, I thought I could get some response back from server, not the above error .
Does anybody experience it before, please help. Any comments are welcomed.
Thanks
It's possible that the ssl certificate you're using on your server is self signed or is not signed by a suitable certificate authority. I would start by investigating that, and then take steps to force your app to connect to the server even though the certificate is abnormally signed.
My application uses ASIHttpRequest for my server communication. I have a requirement that I should block HTTP protocol cos I dont wont to transmit that data over insecure link. So only SSL over HTTPS will be allowed. Also even thought the link is HTTPS I need to ensure that I am calling to the correct certificate. So I need a server certificate validation in my code. Please guide me how to do this.
I researched on this. I found few possible answers. One is to create a client certificate and do the validation. Also there are ways to "Client certificates support" under ASIHttpRequest documentation. So how to achieve my requirements above. Also integration of CFNetwork code into ASIHttpRequest will also do.
Regards,
Dilshan
You can get a validated certificate from an certificate authority like StartSSL or Thawte. Then iOS checks if the certificate is trusted by an authority. iOS comes with different trusted authorites.
If the server certificate is not validated by an authority the connection is rejected.
You don't need to do something special in code. Only use a https connection.
I'm currently writing a iphone app which will consume WCF services over a secure connection (SSL/https). I have managed to consume this service while testing locally via http.
Now we want to make sure the service is secure, so we've set up a UAT server with a properly signed certificate to run our tests.
We are using a custom binding, coupled with security mode TransportWithMessageCredentials which requires a username/password in the ClientCredentials property.
Generated the proxy using SISvcUtil.exe
When I try to call this secure service from the iPhone, I get a rather lovely generic error of:
Exception in async operation: System.Net.WebException: There was an error on processing web request: Status code 500(internal server error)
(Here is a pastebin of full exception ).
I've tried implicitly accepting the certificate using:
ServicePointManager.ServerCertificateValidationCallBack = (sender, cert, chain, ssl) => true;
but this just returns the same 500 error.
The same code works great on a windows machine but not on the iphone. Has anyone else come across this problem and/or know of a solution to it?
This could be a bug in monotouch, it may not have full implementation of generated proxy using SISvcUtil.exe, did you try generating a mac app and test it on mac?
Does monotouch have any documented example with support on WCF proxy? If they dont have then probably it may not work, monotouch does not provide a .NET runtime, instead it actually compiles everything to native ios binary. So if WCF proxy is not correctly transformed, it will not work.
So it would seem that at the time of writing, Monotouch doesn't support WCF very well (it currently has a barebones implementation).
Due to this, and the need for decent security around our webservice, we've decided to go down a different route; validating the user via username+password over a secure, encrypted SSL connection everytime the web service is called. We use Silverlight 3.0 SiSUtil.exe to generate the bindings for the webservice rather than include it as a web reference in the project.
Generally when getting Internal Server errors I've found the cause to be a problem with the HTTP headers being sent in the request. I don't really use WCF on MonoTouch so I'm not sure about the implementation.