Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

issue #263 - proposed patch #264

Merged
merged 1 commit into from Oct 5, 2011

Conversation

Projects
None yet
3 participants
Contributor

ikarius commented Oct 5, 2011

Patched issue #263 - (can't revert 'validatesSecureCertificate' once set to 'NO' on new requests)

greenisus added a commit that referenced this pull request Oct 5, 2011

@greenisus greenisus merged commit c27b8f5 into pokeb:master Oct 5, 2011

Collaborator

greenisus commented Oct 5, 2011

thanks!

Contributor

ikarius commented Oct 5, 2011

You're welcome ! (let's go to sleep now)

Le 5 octobre 2011 19:07, Michael Mayo <
reply@reply.github.com> a
écrit :

thanks!

Reply to this email directly or view it on GitHub:
#264 (comment)

Frédéric VERGEZ --
Développeur iOs / Android / Scala
Tél. : +33 981 847 699 - @: fred@ikarius.com

shezban commented Dec 5, 2011

Hi
I am facing the same issue even with v1.8.1-61 2011-09-19, which is having the code fixes as said above in Ref "6600374".
Any solution of this particular issue.

Thanks

shezban commented Dec 5, 2011

Issue is, library is not reverting the SSL properties, when user resets validatesSecureCertificate from NO to YES. Though user is saying to perform SSL validation but at OS level, SSL properties are set for not to perform SSL validation [sets when validatesSecureCertificate sets as NO] . Hence library is not giving any error with self-signed certificates and validatesSecureCertificate as YES.

Solution for this is as follows:

  • (void)startRequest
    {


    //
    // Handle SSL certificate settings
    //

    if([[[[self url] scheme] lowercaseString] isEqualToString:@"https"]) {

    // Tell CFNetwork not to validate SSL certificates
    if (![self validatesSecureCertificate]) {
        // see: http://iphonedevelopment.blogspot.com/2010/05/nsstream-tcp-and-ssl.html
    
        NSDictionary *sslProperties = [[NSDictionary alloc] initWithObjectsAndKeys:
                                  [NSNumber numberWithBool:YES], kCFStreamSSLAllowsExpiredCertificates,
                                  [NSNumber numberWithBool:YES], kCFStreamSSLAllowsAnyRoot,
                                  [NSNumber numberWithBool:NO],  kCFStreamSSLValidatesCertificateChain,
                                  kCFNull,kCFStreamSSLPeerName,
                                  nil];
    
        CFReadStreamSetProperty((CFReadStreamRef)[self readStream], 
                                kCFStreamPropertySSLSettings, 
                                (CFTypeRef)sslProperties);
        [sslProperties release];
    } 
    

    /* Need to add this else loop - Following needs to add to revert back the SSL settings */
    else {
    NSDictionary *sslProperties = [[NSDictionary alloc] initWithObjectsAndKeys:
    [NSNumber numberWithBool:NO], kCFStreamSSLAllowsExpiredCertificates,
    [NSNumber numberWithBool:NO], kCFStreamSSLAllowsAnyRoot,
    [NSNumber numberWithBool:YES], kCFStreamSSLValidatesCertificateChain,
    nil];

        CFReadStreamSetProperty((CFReadStreamRef)[self readStream], 
                                kCFStreamPropertySSLSettings, 
                                (CFTypeRef)sslProperties);
        [sslProperties release];            
    }
    

}

Thanks
Shivani

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment