Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

ASIHTTPRequest https request & SSL

I'm trying to send out a very simple ASIHTTPRequest with https. Although I have set the validatesSecureCertificate flag to "NO", I still get an odd response for my request:

A connection failure occurred: SSL problem (Possible causes may include a bad/expired/self-signed certificate, clock set to wrong date)

The code I am using is pretty straightforward, I am removing the actual parameters for security reasons:

NSURL *url = [NSURL URLWithString:@"https://secured.cet.ac.il/KotarServices/getMyBooks.aspx?username=xxxxxxxx&password=xxxxx&packageid=x"];
    ASIHTTPRequest *request = [ASIHTTPRequest requestWithURL:url];
    [request setDidFailSelector:@selector(getMyBooksFailedWithError:)];
    [request setDidFinishSelector:@selector(getMyBooksFinishedWithResult:)];
    [request setDelegate:self];
    [request setValidatesSecureCertificate:NO];
    [request startAsynchronous];

Digging deeper into the code, I see that the request fails on a "-9807" error code, which is related only to the operating system and has nothing to do with the server I am interacting with (SecureTransport.h maps this out to be "invalid certificate chain"). Any ideas how to overcome this issue? Thanks in advance.

like image 812
Stavash Avatar asked Jul 08 '26 01:07

Stavash


2 Answers

I remember i had a similar problem with a GoDaddy certificate and had to make the following change in ASIHTTPRequest.m, below the comment "Handle SSL certificate settings", inside the if(![self validatesSecureCertificate]), around line 1160:

[sslProperties setObject:(NSString *)kCFBooleanTrue forKey:(NSString *)kCFStreamSSLAllowsAnyRoot];

like image 110
trydis Avatar answered Jul 10 '26 15:07

trydis


I ran into this with a GoDaddy certificate I just bought today. One correction to trydis's solution: I think you want this outside the if(![self validatesSecureCertificate]), since you actually want to validate the certificate. As the comment says, stuff inside the if clause "tells CFNetwork not to validate SSL certificates". TBH, I have no idea why the GoDaddy certificate is being interpreted by the client as a root certificate, which is what's necessitating this change in the first place.

like image 22
Jed Lau Avatar answered Jul 10 '26 14:07

Jed Lau



Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!