willSendRequestForAuthenticationChallenge not called

Question

I am trying to validate a servers certificate in an iOS application.

The delegate method I am having an issue with is:

- (void)connection:(NSURLConnection *)connection willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge

This method is called when I use a server such as "https://twitter.com".

But, when I point it to my production server (Government CA), this method simply does not get called.

This cert, I guess, can be considered a self-signed cert, because if you do not have the gov certs installed, you get the "This connection is untrusted" message in a browser.

Is there any way to force willSendRequestForAuthenticationChallenge to be called and check the self-signed certificate?

Thanks!

Answer 1

The question has been asked a while ago but I thought I'd give an answer for people to come.

As I understand the authentication challenge is only called once per host every 10 minutes. The result of the challenge is getting cached for performance. The cache expires in 10 minutes. (http://en.wikipedia.org/wiki/Transport_Layer_Security#Resumed_TLS_handshake)

The good insight is given here by jblack who has the reference to Apple forums: How to cancel a persistent connection using NSURLConnection?

When I had a similar question and an issue, the thing that tripped me was that I used the same host for multiple operations in the app, so the challenge has been accepted elsewhere but hasn't expired before my NSURLConnection fired, hence I never got the challenge (had no need).

Try to isolate the host to this one request and then you should get the callback.

Hope it helps.