CODEWITHSUNDEEP
iphoneobjective-ccocoa-touchsslhttps
Zach Bolton
Zach Bolton

Reputation: 71

Unable to trust a self signed certificate on iphone

I am currently trying to connect to a server with a self signed certificate. I am using NSURLConnection to connect to the server. How can I make sure that I only trust the right server and cancel all other connections? I am using the following code 

- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {  

    SecTrustResultType results;
    SecTrustRef trust = [[challenge protectionSpace] serverTrust];

    SecTrustEvaluate(trust, &results);

    if (results == kSecTrustResultProceed || results == kSecTrustResultConfirm) {
        [challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge];
    } else {
        [challenge.sender cancelAuthenticationChallenge:challenge];
    }

}

Currently SecTrustEvaluate always returns with results equal to kSecTrustResultRecoverableTrustFailure. I have installed a configuration profile with the certificate on the phone using the iphone configuration utility and it is marked as verified but it did not change the results.

Can anyone help me get a trust result of either kSecTrustResultProceed or kSecTrustResultConfirm for a self signed certificate?

Upvotes: 7

Views: 4983

Answers (1)

David Grant
David Grant

Reputation: 14225

You'll need to make sure that your certificate has certain extensions. I configured a certificate with the following extensions, and it worked for me (OpenSSL format):

basicConstraints=critical,CA:FALSE
extendedKeyUsage=serverAuth
subjectAltName=IP:192.168.x.y

Upvotes: 4

Related Questions