Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to check the security of the SSL certificate in iOS?

Tags:

security

ios

ssl-certificate

ios4

ios5

I wanna check whether the SSL certificate is present in the URL also wants to check its version and validation type.

I have created a application where I am calling the NSURLConnection delegate methods to send request over a server.

Also used "canAuthenticateAgainstProtectionSpace" method, but this method is not getting called once the connection is established.

How do I achieve this?

like image 975
iLearner Avatar asked Feb 23 '12 11:02

iLearner

People also ask

How do I check my SSL certificate details?

To check an SSL certificate on any website, all you need to do is follow two simple steps. First, check if the URL of the website begins with HTTPS, where S indicates it has an SSL certificate. Second, click on the padlock icon on the address bar to check all the detailed information related to the certificate.

How do I view security certificates in Safari?

In the Safari app on your Mac, look for an encryption icon in the Smart Search field. An encryption icon indicates that the website uses the HTTPS protocol, has a digital identity certificate, and encrypts information. To view the website's certificate, click the icon. A gray lock icon indicates a standard certificate.

How do I trust certificates in iOS 15?

The user can then trust the certificate on the device by going to Settings > General > About > Certificate Trust Settings.

1 Answers

iOS does not give you very granular access to certificate information. You have two choices: private APIs or build your own evaluator with OpenSSL.

You can see the private certificate functions in the opensource code. The version is available from SecCertificateVersion(). I'm not certain what you mean by "validation type" here.

To do this with OpenSSL, you can get the DER data with SecCertificateCopyData() and then parse everything yourself.

I suggest opening a radar (bugreporter.apple.com) on this issue. The lack of access to basic information about the certificate is a serious problem.

If you're looking for sample code that extracts the certificate from the NSURLConnection, see the Chapter 11 sample code from iOS:PTL:

- (void)connection:(NSURLConnection *)connection
  willSendRequestForAuthenticationChallenge:
  (NSURLAuthenticationChallenge *)challenge
{
  NSURLProtectionSpace *protSpace = challenge.protectionSpace;
  SecTrustRef trust = protSpace.serverTrust;
  ...
    SecCertificateRef cert = SecTrustGetCertificateAtIndex(trust, 0);
  ...

At this point, cert holds your leaf certificate.

like image 199
Rob Napier Avatar answered Nov 15 '22 00:11

Rob Napier
Sign in to Comment

Related questions

warning: duplicate protocol definition of '...' is ignored
How to do vignette effect on iOS?
How to POST an object to rails using RestKit?
What iOS version is required to use @autoreleasepool?
Make an affiliate link to the iTunes store without redirects?
Access the data of AVPlayer when playing video from HTTP Live Streaming
Hide or disable back button in final view of navigation controller based app
What's the point of "Supported Device Orientation" in iOS application setting?
iOS: Uniquely identify ViewControllers from Storyboard
iOS: Is it secure to store sensible user information in [NSUserDefaults standardUserDefaults]?
Table view inside view, inside viewcontroller. Best way to do it?
Unable to keep UIButton in selected state after TouchUpInside Event
NSNumberFormatter leading 0's and decimals
How to use UIApplication handleOpenURL Notifications
iOS AirPlay: my app is only notified of an external display when mirroring is ON?
What is the canonical audio sample data type in iOS 5
How to scale down an image in iOS, anti-aliased but not soft?
How to get the Arabic keyboard in iphone sdk [closed]
What does nibNameOrNil really mean?
Xcode "valid signing identity not found" on new Computer

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!