Bypass kCFStreamErrorDomainSSL error for self-signed certificates on iOS 7

Question

I am trying to load a HTTPS web page, which has a self-signed certificate, in to an UIWebView. Using tips like this one, or this one, it works under iOS 6. The same does not work in iOS 7.

As per the linked-to Stack Overflow questions, I'm also using an NSURLConnection to first try and get past the self-signed certificate -- this all before even trying to load the URL in the UIWebView.

When trying the same in iOS 7, I get the following error:

2014-02-12 16:00:08.367 WebView[24176:5307] NSURLConnection/CFURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9802)

2014-02-12 16:00:08.370 WebView[24176:70b] An SSL error has occurred and a secure connection to the server cannot be made.

Is there a work-around to get this to work in iOS 7? At the moment I'm using the first example.

Answer 1

Please follow the link:

in UiWebView - NSURLConnection/CFURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -108)

BOOL _Authenticated;
NSURLRequest *_FailedRequest;
#pragma UIWebViewDelegate

-(BOOL)webView:(UIWebView *)webView shouldStartLoadWithRequest:(NSURLRequest *)request   navigationType:(UIWebViewNavigationType)navigationType {
    BOOL result = _Authenticated;
    if (!_Authenticated) {
        _FailedRequest = request;
        NSURLConnection *urlConnection = [[NSURLConnection alloc] initWithRequest:request delegate:self];
        [urlConnection start];
    }
    return result;
}

#pragma NSURLConnectionDelegate

-(void)connection:(NSURLConnection *)connection willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
    if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
        NSURL* baseURL = [NSURL URLWithString:@"your url"];
        if ([challenge.protectionSpace.host isEqualToString:baseURL.host]) {
            NSLog(@"trusting connection to host %@", challenge.protectionSpace.host);
            [challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge];
        } else
            NSLog(@"Not trusting connection to host %@", challenge.protectionSpace.host);
    }
    [challenge.sender continueWithoutCredentialForAuthenticationChallenge:challenge];
}

-(void)connection:(NSURLConnection *)connection didReceiveResponse:(NSURLResponse *)pResponse {
    _Authenticated = YES;
    [connection cancel];
    [webvw loadRequest:_FailedRequest];
}

Answer 2

Add this method in your class:

-(void) connection:(NSURLConnection *)connection willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
{
    if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust])
    {
        NSURL* baseURL = [NSURL URLWithString:@"yourURL"];

        if ([challenge.protectionSpace.host isEqualToString:baseURL.host])
        {
            SecTrustRef trust = challenge.protectionSpace.serverTrust;

            NSURLCredential *cred = [NSURLCredential credentialForTrust:trust];
            [challenge.sender useCredential:cred forAuthenticationChallenge:challenge];
        }
        else
            NSLog(@"Not trusting connection to host %@", challenge.protectionSpace.host);
    }
    [challenge.sender continueWithoutCredentialForAuthenticationChallenge:challenge];
}