Skip to content

Fixed SSL validation error in IOS 5.0.1 #325

Open
wants to merge 1 commit into from

3 participants

@ignaval
ignaval commented May 31, 2012

Validation of SSL certificates failed on IOS 5.0.1 with

error = Error Domain=ASIHTTPRequestErrorDomain Code=1 "A connection failure occurred: SSL problem (Possible causes may include a bad/expired/self-signed certificate, clock set to wrong date)" UserInfo=0x18460b0 {NSUnderlyingError=0x1853ab0 "The operation couldn’t be completed. (OSStatus error -9800.)", NSLocalizedDescription=A connection failure occurred: SSL problem (Possible causes may include a bad/expired/self-signed certificate, clock set to wrong date)}

after setting the kCFStreamSSLLevel property to @"kCFStreamSocketSecurityLevelTLSv1_0SSLv3" (as recommended here https://developer.apple.com/library/ios/#technotes/tn2287/_index.html#//apple_ref/doc/uid/DTS40011309) the validation started working again, and still works on IOS 5.1.1

@yosit
yosit commented on c782abb Jun 8, 2012

You are my hero :) seriously...

I'm glad this helped!

Hello guys,

Even though this code resolve someone's "validatesSecureCertificate" error,But it's unsafe.Because whether the user setValidatesSecureCertificate:YES or NO,

[code]
NSDictionary *sslProperties = [[NSDictionary alloc] initWithObjectsAndKeys:
1228

  • [NSNumber numberWithBool:NO], kCFStreamSSLAllowsExpiredCertificates, 1229
  • [NSNumber numberWithBool:NO], kCFStreamSSLAllowsAnyRoot, 1230
  • [NSNumber numberWithBool:YES], kCFStreamSSLValidatesCertificateChain, 1231
  • @"kCFStreamSocketSecurityLevelTLSv1_0SSLv3", kCFStreamSSLLevel, 1232
  • nil]; 1233

  • 1234
  • CFReadStreamSetProperty((CFReadStreamRef)[self readStream], 1235
  • kCFStreamPropertySSLSettings, 1236
  • (CFTypeRef)sslProperties); 1237
  • [sslProperties release]; [code]

the request will alway trust the Server

@acidlemon acidlemon added a commit to acidlemon/asi-http-request that referenced this pull request Jun 22, 2012
@acidlemon acidlemon apply original repo's pull req #325 (pokeb#325) db22f25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.