IOS, UIWebView, HTTPS, and Trusting Arbitrary Certificate (Open Source Reference?)
Question
I want to encapsulate UIWebView which can handle both http and https request on ios platform, especially for https, it should handle both trust and unverified (developer defined) certificates. Any open source available to take reference?
Thanks in advance.
3 answers
solution1
1 ACCPTED 2012-10-21 18:39:14
Graham Lee discusses some of the things you can do at On SSL Pinning for Cocoa [Touch] . Its about as close as you are going to get to open source - its sample code that shows you how to do it with NSURLConnection and NSURLConnectionDelegate .
Lee's article discusses how to pin a public key, which improves security on the channel. Public Key Pinning is equivalent to StrictHostKeyChecking in SSH. In addition, I believe you can use NSURLConnection and NSURLConnectionDelegate to trust your [otherwise] untrusted certificates (I don't observe the practice, so I'm not sure of the details).
Be careful of lessening (ruining?) the security built into the channel. A survey and analysis of dumb developer decisions was recently published at Why Eve and Mallory Love Android: An Analysis of Android SSL (In)Security . Its not limited to Android.
solution2
0 2012-10-15 07:09:07
创建网络连接以处理SSH挑战,不受信任的证书。
solution3
0 2013-03-23 22:54:55
这部分代码可能对https://github.com/dirkx/Security-Pinning-by-CA有所帮助-确实做到了。
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.