I want to detect iOS Server self-signed certificate expiration
I use AFNetworking lib,I use this method certificate validation - (void)setSessionDidReceiveAuthenticationChallengeBlock:(NSURLSessionAuthChallengeDisposition (^)(NSURLSession *session, NSURLAuthenticationChallenge *challenge, NSURLCredential * __autoreleasing *credential))block. I did not find certificate expiration property.
I found this again,but invalid and expired is one property
/**
Whether or not to trust servers with an invalid or expired SSL certificates. Defaults to `NO`.
*/
#property (nonatomic, assign) BOOL allowInvalidCertificates;
any hero help me?
Related
Using the Objective-C gRPC library, how do I implement TLS certificate pinning?
Bonus question: how do I achieve this using GRPCcall2, and not the deprecated GRPCcall?
gRPC doesn't support TLS certificate pinning, but you can set the root certificate in GRPCMutableCallOptions
/**
* PEM format root certifications that is trusted. If set to nil, gRPC uses a list of default
* root certificates.
*/
#property(copy, readwrite, nullable) NSString *PEMRootCertificates;
https://github.com/grpc/grpc/blob/master/src/objective-c/GRPCClient/GRPCCallOptions.h#L331
Inside the delegate
- (void)connection:(NSURLConnection *)connection willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
After getting Server Challenge, i am able to extract X.509 Certificate using following code:
SecTrustRef serverTrust = challenge.protectionSpace.serverTrust;
SecCertificateRef certificate = SecTrustGetCertificateAtIndex(serverTrust, 0);
Now I Need to get the expire date from this SecCertificateRef.
And also want to check whether the certificate is having valid domain name.
I have gone through apple docs and googled for long time, some suggested to use SLL library to get these details. In project no Third party libraries are permitted. Is any way to get these details without third party libs?
I have an iPhone app , that needs to make secure connection to my webservice
I have a CA which i created and want to add to the app, so that it creates the connection and authenticates my server
I am using restkit 0.20.3 to make the requests.
How do i configure the AFHHTTPClient to trust my certificate ?
Only adding the your URL as https:// formate will do because your information will be encrypted based on the SSL certificate
In ASIHttpRequest Client certificates support
If your server requires the use of client certificates, as of v1.8 it is now possible to send them with your request.
// Will send the certificate attached to the identity (identity is a SecIdentityRef)
[request setClientCertificateIdentity:identity];
// Add an additional certificate (where cert is a SecCertificateRef)
[request setClientCertificates:[NSArray arrayWithObject:(id)cert]];
There is a helper function in ClientCertificateTests.m in the iPhone / iPad sample app that can create a SecIdentityRef from PKCS12 data (this function only works on iOS).
and look here for more info about handling the self signed certificate at iOS end:
Use a self-signed ssl certificate in an iphone app
iPhone: install certificate for SSL connection
I have an API end point which has an SSL Certificate (secure https API). My iOS app bundle also includes that certificate so when I try to reach the API end point, objective C verifies if the certificate matches or not. My implementation of matching certificates works fine.
But I also need to verify if the API provides an SSL Certificate or not.
I am using AFNetworking for matching the certificates, and the place where it verifies the certificate: - (void)connection:(NSURLConnection *)connection
willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge does not even gets called when there is no certificate present. Hence the app doesn't verify anything.
I need something to verify in first place if the API has certificate or not, and if it doesn't then the app should not reach to the API end point.
I'm using the ASIFormDataRequest class from the ASIHTTPRequest library to talk to a .NET web service over an HTTPS connection.
I'd like to make a solution that eliminates the need for SSL security, but the SSL certificate expires sooner than I can get an update to the AppStore.
I'm wondering what will happen when the app makes an ASIFormDataRequest after the certificate has expired. Will an error be thrown?
If certificate checking is enabled (which is the default) then any requests to a server with an expired ssl certificate will fail with an error.