Updated questions below - stuff before the update probably not necessary anymore.
I'm using MKNetworkKit to handle the nitty gritty HTTPS communications with my server in my iOS app.
I'm using a self-signed certificate, because I can securely communicate with both my server and client (because the code is installed via Apple's iOS App Store and not downloaded over the open internet as a typical web app is).
It's using https and have the ssl argument set to YES.
Here's the problem: my certificate is getting rejected somewhere along the way and I'm not sure how/where. I want to replace whatever checks are taking place right now with a simple check of the fingerprint on the certificate - if the fingerprint is correct, then the client is communicating securely with my server. If the fingerprint is wrong, then a man-in-the-middle attack is taking place and someone else is pretending to be my server.
Here's the logged output:
Port 80 isn't a typo in the logs, in case you caught that. I really have https running off of port 80 on my server, just because it's not working for some reason when I switch it to port 334... I'll investigate that later... I don't think it's related to this certificate authentication issue...
Updated questions
I solved the prior issue by setting shouldContinueWithInvalidCertificate to YES on each operation as I created it.
So now my operations work and communications are encoded, but I can't be certain on the client end that a man-in-the-middle attack isn't taking place.
I need a way to test the certificate myself. MKNetworkKit uses NSURLConnection... is it possible for me to get at the certificate and test it?
This page here:
https://developer.apple.com/library...rotectionSpace_Class/Reference/Reference.html
Suggests that I should read
But that's not a link. I've googled for it and haven't found anything yet.
I'm using MKNetworkKit to handle the nitty gritty HTTPS communications with my server in my iOS app.
I'm using a self-signed certificate, because I can securely communicate with both my server and client (because the code is installed via Apple's iOS App Store and not downloaded over the open internet as a typical web app is).
It's using https and have the ssl argument set to YES.
Here's the problem: my certificate is getting rejected somewhere along the way and I'm not sure how/where. I want to replace whatever checks are taking place right now with a simple check of the fingerprint on the certificate - if the fingerprint is correct, then the client is communicating securely with my server. If the fingerprint is wrong, then a man-in-the-middle attack is taking place and someone else is pretending to be my server.
Here's the logged output:
Code:
Test Suite 'All tests' started at 2014-05-21 22:32:53 +0000
Test Suite 'iOSAPITests.xctest' started at 2014-05-21 22:32:53 +0000
Test Suite 'iOSAPITests' started at 2014-05-21 22:32:53 +0000
Test Case '-[iOSAPITests testGetNull]' started.
2014-05-21 18:32:53.675 xctest[2235:303] -[MKNetworkEngine reachabilityChanged:] [Line 210] Server [mydomain.com] is reachable via Wifi
2014-05-21 18:32:54.222 xctest[2235:303] -[MKNetworkOperation connection:willSendRequestForAuthenticationChallenge:] [Line 1148] Certificate is invalid, continuing without credentials. Might result in 401 Unauthorized
2014-05-21 18:32:54.276 xctest[2235:2203] NSURLConnection/CFURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813)
2014-05-21 18:32:54.303 xctest[2235:303] -[MKNetworkOperation operationFailedWithError:] [Line 1505] Wednesday, May 21, 2014 at 6:32:54 PM Eastern Daylight Time
Request
-------
curl -X GET 'https://mydomain.com:80/myapp/.json', [The certificate for this server is invalid. You might be connecting to a server that is pretending to be “mydomain.com” which could put your confidential information at risk.]Port 80 isn't a typo in the logs, in case you caught that. I really have https running off of port 80 on my server, just because it's not working for some reason when I switch it to port 334... I'll investigate that later... I don't think it's related to this certificate authentication issue...
Updated questions
I solved the prior issue by setting shouldContinueWithInvalidCertificate to YES on each operation as I created it.
So now my operations work and communications are encoded, but I can't be certain on the client end that a man-in-the-middle attack isn't taking place.
I need a way to test the certificate myself. MKNetworkKit uses NSURLConnection... is it possible for me to get at the certificate and test it?
This page here:
https://developer.apple.com/library...rotectionSpace_Class/Reference/Reference.html
Suggests that I should read
But that's not a link. I've googled for it and haven't found anything yet.
Last edited: