I am creating an iOS application that communicates with a web server using TLS. When I access the web server, it presents a certificate to my device, and I would like to validate that I can trust it.
I have the root certificate embedded in my Xcode project as a DER file. The code I have so far gets NSString versions of both certificates in the NSURLConnection delegate method for the authentication challenge.
Any ideas on how to validate manually?
Here's my current code:
- (void)connection:(NSURLConnection *)connection willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
    NSLog(@"Certificate challenge");
    if (self.stageNum == 0) {
        id <NSURLAuthenticationChallengeSender> sender = challenge.sender;
        NSURLProtectionSpace *protectionSpace = challenge.protectionSpace;
        SecTrustRef trust = [protectionSpace serverTrust];
        // Get the server's leaf certificate (index 0 of the presented chain)
        SecCertificateRef certificate = SecTrustGetCertificateAtIndex(trust, 0);
        // SecCertificateCopyData returns a +1 CFDataRef; transfer ownership to ARC so it is released
        NSData *serverCertificateData = (__bridge_transfer NSData *)SecCertificateCopyData(certificate);
        NSString *serverBase64Certificate = [serverCertificateData base64EncodedStringWithOptions:0];
        // Get our embedded root certificate (DER file in the app bundle)
        NSData *certData1 = [[NSData alloc] initWithContentsOfFile:[[NSBundle mainBundle] pathForResource:@"SUMOSRoot" ofType:@"der"]];
        NSString *certBase64 = [certData1 base64EncodedStringWithOptions:0];
        // Here's where I need to compare the certificates
        //
        //
        [sender useCredential:[NSURLCredential credentialForTrust:protectionSpace.serverTrust] forAuthenticationChallenge:challenge];
    }
}
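One way to do the validation the question asks for, as an added example that is not code from the question or from the post linked in the answer: instead of comparing base64 strings of the leaf against the root (which would never match, since the server presents a leaf signed by the root, not the root itself), install the embedded root as the only trust anchor and let the Security framework verify the chain, the validity dates and the hostname. The bundle resource name SUMOSRoot.der is taken from the question; the helper name SMValidateServerTrust and the stageNum check are the question's own or assumed here.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Added example: returns YES only if the presented chain validates against the
// embedded root AND the leaf certificate is valid for `host`. System roots are ignored.
static BOOL SMValidateServerTrust(SecTrustRef trust, NSString *host) {
    if (trust == NULL || host.length == 0) {
        return NO;
    }

    // Load the pinned root CA from the app bundle (DER encoded, as in the question).
    NSString *path = [[NSBundle mainBundle] pathForResource:@"SUMOSRoot" ofType:@"der"];
    NSData *rootData = [NSData dataWithContentsOfFile:path];
    if (rootData == nil) {
        return NO; // missing resource: fail closed rather than fall back to system roots
    }
    SecCertificateRef root = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)rootData);
    if (root == NULL) {
        return NO; // file is not a parseable DER certificate
    }

    // Require an SSL server policy for this hostname, so a valid certificate
    // issued by our CA for a different host is still rejected.
    SecPolicyRef policy = SecPolicyCreateSSL(true, (__bridge CFStringRef)host);
    OSStatus status = SecTrustSetPolicies(trust, policy);
    CFRelease(policy);
    if (status != errSecSuccess) {
        CFRelease(root);
        return NO;
    }

    // Trust only our root: the device trust store does not participate.
    CFArrayRef anchors = CFArrayCreate(NULL, (const void **)&root, 1, &kCFTypeArrayCallBacks);
    status = SecTrustSetAnchorCertificates(trust, anchors);
    if (status == errSecSuccess) {
        status = SecTrustSetAnchorCertificatesOnly(trust, true);
    }
    CFRelease(anchors);
    CFRelease(root);
    if (status != errSecSuccess) {
        return NO;
    }

    // Evaluate the chain: signatures, expiry, basic constraints, hostname.
    // (iOS 12+; on older systems use SecTrustEvaluate and accept only
    // kSecTrustResultUnspecified or kSecTrustResultProceed.)
    CFErrorRef error = NULL;
    BOOL trusted = SecTrustEvaluateWithError(trust, &error) ? YES : NO;
    if (error != NULL) {
        NSLog(@"Server trust rejected: %@", (__bridge NSError *)error);
        CFRelease(error);
    }
    return trusted;
}

// Delegate wiring: accept the connection only when the pinned evaluation passes;
// otherwise cancel the challenge so no data is sent to the untrusted server.
- (void)connection:(NSURLConnection *)connection willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
    NSURLProtectionSpace *space = challenge.protectionSpace;
    if (![space.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
        // Not a server-certificate challenge (e.g. HTTP auth): let the system handle it.
        [challenge.sender performDefaultHandlingForAuthenticationChallenge:challenge];
        return;
    }
    SecTrustRef trust = space.serverTrust;
    if (SMValidateServerTrust(trust, space.host)) {
        [challenge.sender useCredential:[NSURLCredential credentialForTrust:trust]
            forAuthenticationChallenge:challenge];
    } else {
        [challenge.sender cancelAuthenticationChallenge:challenge];
    }
}
```

The design point is that the check is done by the trust evaluator rather than by string comparison: a byte-for-byte match of the leaf against a stored copy would break on every certificate renewal, while anchoring to the root lets the server rotate leaf certificates as long as they chain to the embedded CA. Note that the original code accepted the credential unconditionally; with pinning, the failure path must cancel the challenge.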
I think this post solves your purpose. Beautifully written/explained.
For people who are too lazy to open the links, I'll add some description over here from the post.