Skip to content

kCFStreamSSLAllowsAnyRoot with self-signed certificate #339

Open
1am opened this Issue Aug 1, 2012 · 0 comments

1 participant

@1am
1am commented Aug 1, 2012

I'm having a problem connecting via https with my self-signed certificate. Somewhere on the internet i've found information that asi-http-request has problems with root certificates (and self-signed certs are root) so i used the root cert to sign another certificate and i'm using this on the server. Unfortunately in both cases the connection fails.
I can't skip certificate validation but i checked the startRequest method's source and when i change the CFReadStreamSetProperty part to use this value everything works fine.

        NSDictionary *sslProperties = [[NSDictionary alloc] initWithObjectsAndKeys:
                                  [NSNumber numberWithBool:YES], kCFStreamSSLAllowsAnyRoot,
                                  kCFNull,kCFStreamSSLPeerName,
                                  nil];

Could You please provide a mechanism for changing ssl properties without the need to modify the source code or subclassing?
Or please at least explain why self-signed certificates are failing when kCFStreamSSLAllowsAnyRoot, is set to the default NO value.

Cheers,
PB

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.