Permalink
Browse files

Update Classes/ASIHTTPRequest.m

the call to the function

CFReadStreamSetProperty((CFReadStreamRef)[self readStream], kCFStreamPropertySSLSettings, sslProperties);

to set the client certificate was overriding the previous values of the property kCFStreamPropertySSLSettings set to ignore certificates validation
  • Loading branch information...
1 parent 3ed0b3c commit 2df4582ea4ee2cd1fd35e3aa4949ed6f1da8f06d @tkanzakic committed Sep 19, 2012
Showing with 28 additions and 29 deletions.
  1. +28 −29 Classes/ASIHTTPRequest.m
View
57 Classes/ASIHTTPRequest.m
@@ -1205,44 +1205,43 @@ - (void)startRequest
// Handle SSL certificate settings
//
- if([[[[self url] scheme] lowercaseString] isEqualToString:@"https"]) {
-
- // Tell CFNetwork not to validate SSL certificates
- if (![self validatesSecureCertificate]) {
- // see: http://iphonedevelopment.blogspot.com/2010/05/nsstream-tcp-and-ssl.html
-
- NSDictionary *sslProperties = [[NSDictionary alloc] initWithObjectsAndKeys:
- [NSNumber numberWithBool:YES], kCFStreamSSLAllowsExpiredCertificates,
- [NSNumber numberWithBool:YES], kCFStreamSSLAllowsAnyRoot,
- [NSNumber numberWithBool:NO], kCFStreamSSLValidatesCertificateChain,
- kCFNull,kCFStreamSSLPeerName,
- nil];
-
- CFReadStreamSetProperty((CFReadStreamRef)[self readStream],
- kCFStreamPropertySSLSettings,
- (CFTypeRef)sslProperties);
- [sslProperties release];
- }
+ if([[[[self url] scheme] lowercaseString] isEqualToString:@"https"]) {
+
+ // Properties for the SSL connection
+ NSMutableDictionary *sslProperties = [NSMutableDictionary dictionary];
// Tell CFNetwork to use a client certificate
if (clientCertificateIdentity) {
- NSMutableDictionary *sslProperties = [NSMutableDictionary dictionaryWithCapacity:1];
+ NSMutableArray *certificates = [NSMutableArray arrayWithCapacity:[clientCertificates count]+1];
- NSMutableArray *certificates = [NSMutableArray arrayWithCapacity:[clientCertificates count]+1];
-
- // The first object in the array is our SecIdentityRef
- [certificates addObject:(id)clientCertificateIdentity];
-
- // If we've added any additional certificates, add them too
- for (id cert in clientCertificates) {
- [certificates addObject:cert];
- }
+ // The first object in the array is our SecIdentityRef
+ [certificates addObject:(id)clientCertificateIdentity];
+
+ // If we've added any additional certificates, add them too
+ for (id cert in clientCertificates) {
+ [certificates addObject:cert];
+ }
[sslProperties setObject:certificates forKey:(NSString *)kCFStreamSSLCertificates];
+ }
+
+ // Tell CFNetwork not to validate SSL certificates
+ if (![self validatesSecureCertificate]) {
+ // see: http://iphonedevelopment.blogspot.com/2010/05/nsstream-tcp-and-ssl.html
+
+ NSMutableDictionary *sslNotValidateCertificate = [[NSMutableDictionary alloc] initWithObjectsAndKeys:
+ [NSNumber numberWithBool:YES], kCFStreamSSLAllowsExpiredCertificates,
+ [NSNumber numberWithBool:YES], kCFStreamSSLAllowsAnyRoot,
+ [NSNumber numberWithBool:NO], kCFStreamSSLValidatesCertificateChain,
+ kCFNull,kCFStreamSSLPeerName,
+ nil];
- CFReadStreamSetProperty((CFReadStreamRef)[self readStream], kCFStreamPropertySSLSettings, sslProperties);
+ [sslProperties addEntriesFromDictionary:sslNotValidateCertificate];
+ [sslNotValidateCertificate release];
}
+ // Set the properties
+ CFReadStreamSetProperty((CFReadStreamRef)[self readStream], kCFStreamPropertySSLSettings, sslProperties);
}
//

0 comments on commit 2df4582

Please sign in to comment.