Self signed certificate issue

jollyblade

Aug 3, 2011, 10:51:53 AM
to RestKit
Hi,

I have a strange problem with our self signed certificate, I cannot
find the answer, I get back this:

Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred
and a secure connection to the server cannot be made."
UserInfo=0x5c79a0 {NSErrorFailingURLStringKey=https://ourserver,
NSLocalizedRecoverySuggestion=Would you like to connect to the server
anyway?, NSErrorFailingURLKey=https://ourserver,
NSLocalizedDescription=An SSL error has occurred and a secure
connection to the server cannot be made., NSUnderlyingError=0x5c4860
"An SSL error has occurred and a secure connection to the server
cannot be made."}

The problem is that the RKResponse delegate methods never get called.
None of these:

- (BOOL)isServerTrusted:(SecTrustRef)trust
- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
- (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)space

It seems that the "Would you like to connect to the server anyway?" is
taken like a response, and a failure... What should I check/do?

Thank you!
Marton Szabo

David Steinberger

Aug 3, 2011, 1:17:32 PM
to res...@googlegroups.com
I just sat down to work on allowing self-signed certificates.
I'm facing the same behavior: The delegate doesn't get called.

If you find out why, please do report back. I'll do the same.

Sixten Otto

Aug 3, 2011, 1:18:08 PM
to RestKit
On Aug 3, 10:51 am, jollyblade <jollybl...@gmail.com> wrote:
> The problem is that the RKResponse delegate methods never get called.

What documentation there is for this functionality is largely in my
pull request: https://github.com/RestKit/RestKit/pull/131

I'd start by verifying that you have added the Security.framework to
your target, and set the preprocessor variable RESTKIT_SSL_VALIDATION
that enables the support for self-signed certs.

In order to actually validate the server's cert, you'll need to
provide the public version of the signing cert (as a
SecCertificateRef) to the RKClient. There's a code snippet in the pull
request showing one way to do this.

Sixten

Marton Szabo

Aug 3, 2011, 1:50:49 PM
to res...@googlegroups.com, RestKit
Hi,

Thank you for the comment. I have the Security framework added, as it worked before with a previous RestKit. Also, I have the cert added as trusted. So there must be something in the latest version.

Marton

Sent from my iPhone

Márton Szabó

Aug 4, 2011, 2:14:52 AM
to res...@googlegroups.com
Dear Sixten, 

I tried everything I found in your pull request. 

Security FW was already added. I defined the RESTKIT_SSL_VALIDATION flag, but it does not matter, because the delegate is not called, where it would have effect. I was thinking about instances, so maybe it can happen that a different object's delegate methods are called than the one I am expecting, but I cannot really find out which one and how.

What could be the reason that a delegate in RKResponse is not called? I have the breakpoints in the challenge, canauthenticate, didreceivedata, didreceiveresponse, etc., but it seems that the response is not even playing; it seems that before sending something, the NSURLConnection calls back to didFailWithError.

Still the same:

 Encountered an error: Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo=0x5d3fe30 {NSErrorFailingURLStringKey=https://someurl, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSErrorFailingURLKey=https://somurl, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSUnderlyingError=0x5d3b5d0 "An SSL error has occurred and a secure connection to the server cannot be made."}

Thank you for your help,
Marton


Márton Szabó

Aug 8, 2011, 9:43:12 AM
to res...@googlegroups.com
Hello, 

Does anybody maybe have some more ideas to this topic?

Thank you very much,
Marton Szabo

C Bennett

Aug 8, 2011, 11:01:05 AM
to RestKit
I am having the same issue here using 0.9.3. I have
client.disableCertificateValidation = NO set, but self-signed certs
produce the following:

"An SSL error has occurred and a secure connection to the server
cannot be made." UserInfo=0x9c13150
{NSErrorFailingURLStringKey=https://URL,
NSLocalizedRecoverySuggestion=Would you like to connect to the server
anyway?, NSErrorFailingURLKey=https://URL




C Bennett

Aug 8, 2011, 11:07:37 AM
to RestKit
The following NSURLConnection delegate method is not being called in
RKResponse.

- (BOOL)connection:(NSURLConnection *)connection
canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)space {


Márton Szabó

Aug 8, 2011, 11:09:47 AM
to res...@googlegroups.com
Yes, I have the same, and I tried everything I could find over the internet... 
And it worked before we migrated to 0.9.3 like a charm. 


jollyblade

Aug 15, 2011, 9:27:45 AM
to RestKit
Hi,

So this issue is still open from my side, I was struggling with it for
days...
Can somebody suggest anything?

Thanks,
Marton



Blake Watters

Aug 15, 2011, 9:44:43 PM
to res...@googlegroups.com
I am trying to throw together a unit test for this now

-- 
Blake Watters
Sent with Sparrow

Blake Watters

Aug 15, 2011, 10:03:11 PM
to res...@googlegroups.com
I am confused, I just put a self-signed certificate up on blakewatters.com and wrote this unit test:

- (void)itShouldOptionallySkipSSLValidation {
    RKClient* client = RKSpecNewClient();
    client.disableCertificateValidation = YES;
    NSURL* URL = [NSURL URLWithString:@"https://blakewatters.com/"];
    RKSpecResponseLoader* loader = [RKSpecResponseLoader responseLoader];
    RKRequest* request = [RKRequest requestWithURL:URL delegate:loader];
    [request send];
    [loader waitForResponse];
    assertThatBool([loader.response isOK], is(equalToBool(YES)));
}

The request succeeds and I get a 200 response. Commenting out `disableCertificateValidation = YES;` results in a failure due to an SSL error. I am working off of the latest master and not the 0.9.3 tag, but I don't recall any changes that should have affected it.

What code are you guys firing that exhibits the symptom?

-- 
Blake Watters
Sent with Sparrow

Aet

Nov 6, 2012, 3:26:27 AM
to res...@googlegroups.com
I have got exactly the same problems and for me the disableCertificateValidation = YES does not help me. Still getting the error  "The certificate for this server is invalid. You might be connecting to a server that is pretending to be HIDDENURL which could put your confidential information at risk...".

Blake Watters

Dec 17, 2012, 10:27:08 PM
to res...@googlegroups.com
Under 0.20 with the AFNetworking stack, you can just add `#define _AFNETWORKING_ALLOW_INVALID_SSL_CERTIFICATES_ 1` to your pch file.


Amit Chauhan

Feb 6, 2013, 1:34:42 PM
to res...@googlegroups.com
Adding _AFNETWORKING_ALLOW_INVALID_SSL_CERTIFICATES_ will disable cert validation for all hosts.
In most cases, I want to disable cert validations for dev environments but not for production.
Is there a way to selectively enable/disable cert validation based on which environment I connect to (basically which Configuration I am using, Debug or Release)?

Thanks
Amit

Amit Chauhan

Feb 6, 2013, 6:43:46 PM
to res...@googlegroups.com
Wanted to add the way I finally implemented it taking Blake's suggestion and subclassing RKHTTPRequestOperation. Hope there was more of a configuration within RestKit to handle this though.
Below is the code I have in case it can help others:

// myRKHTTPRequestOperation.h
#import <RestKit/RestKit.h>

@interface myRKHTTPRequestOperation : RKHTTPRequestOperation

@end

// myRKHTTPRequestOperation.m
#import "myRKHTTPRequestOperation.h"

@implementation myRKHTTPRequestOperation

- (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace
{
    if ([[protectionSpace authenticationMethod] isEqualToString:NSURLAuthenticationMethodServerTrust])
    {
        if ([self bypassSslCertValidation:protectionSpace])
        {
            return YES; // Self-signed cert will be accepted
        }
        else
        {
            return [super connection:connection canAuthenticateAgainstProtectionSpace:protectionSpace]; // Self-signed cert will be rejected
        }
    }
    return [super connection:connection canAuthenticateAgainstProtectionSpace:protectionSpace];
}

- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
{
    if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]
        && [self bypassSslCertValidation:challenge.protectionSpace])
    {
        // Accept whatever certificate the server presented, without evaluating it
        [challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge];
        return; // Self-signed cert will be accepted
    }
    // No bypass, or a challenge other than server trust: let the superclass decide,
    // so the challenge is always answered (self-signed cert will be rejected)
    [super connection:connection didReceiveAuthenticationChallenge:challenge];
}

// YES only for the DEV and QA configurations; every other configuration keeps validation on
- (BOOL)bypassSslCertValidation:(NSURLProtectionSpace *)protectionSpace
{
    if ([[Environment getConfiguration] isEqualToString:@"DEV"] || [[Environment getConfiguration] isEqualToString:@"QA"])
    {
        DDLogInfo(@"Skipping SSL cert validation for Configuration %@", [Environment getConfiguration]);
        return YES;
    }
    else
    {
        return NO;
    }
}

@end


Then I registered this class like this:

    // The base URL needs an explicit https:// scheme
    self.objectManager = [RKObjectManager managerWithBaseURL:[NSURL URLWithString:@"https://www.mydomain.com"]];
    [RKObjectManager setSharedManager:self.objectManager];
    self.objectManager.requestSerializationMIMEType = RKMIMETypeJSON;
    [self.objectManager registerRequestOperationClass:[myRKHTTPRequestOperation class]];
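
Added example (not part of the original posts and not RestKit's own code): instead of accepting any certificate in DEV/QA as the subclass above does, this variant validates the server's chain against a bundled copy of the self-signed certificate, the approach Sixten describes earlier in the thread. `PinnedRequestOperation` and the `dev-ca.cer` bundle resource are hypothetical names; `SecTrustEvaluate` is the API of this thread's era (newer SDKs offer `SecTrustEvaluateWithError`).

```objc
#import <RestKit/RestKit.h>
#import <Security/Security.h>

// Added example, not RestKit code. "dev-ca.cer" is a hypothetical DER file in the
// app bundle holding the self-signed certificate (or the CA that signed it).
static BOOL ServerTrustMatchesBundledAnchor(SecTrustRef trust) {
    NSString *path = [[NSBundle mainBundle] pathForResource:@"dev-ca" ofType:@"cer"];
    NSData *der = path ? [NSData dataWithContentsOfFile:path] : nil;
    SecCertificateRef anchor = der ? SecCertificateCreateWithData(NULL, (__bridge CFDataRef)der) : NULL;
    if (trust == NULL || anchor == NULL) {
        if (anchor) CFRelease(anchor);
        return NO; // fail closed: a missing or malformed anchor never means "accept"
    }
    NSArray *anchors = @[(__bridge id)anchor];
    SecTrustResultType result = kSecTrustResultInvalid;
    OSStatus status = SecTrustSetAnchorCertificates(trust, (__bridge CFArrayRef)anchors);
    if (status == errSecSuccess) // trust only the bundled anchor, not the system roots
        status = SecTrustSetAnchorCertificatesOnly(trust, true);
    if (status == errSecSuccess)
        status = SecTrustEvaluate(trust, &result);
    CFRelease(anchor);
    return status == errSecSuccess &&
           (result == kSecTrustResultUnspecified || result == kSecTrustResultProceed);
}

// Hypothetical subclass name; register it the same way as the subclass above.
@interface PinnedRequestOperation : RKHTTPRequestOperation
@end

@implementation PinnedRequestOperation
- (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)space {
    // Ask for server-trust challenges so the anchor check below actually runs.
    if ([space.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) return YES;
    return [super connection:connection canAuthenticateAgainstProtectionSpace:space];
}

- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
    NSURLProtectionSpace *space = challenge.protectionSpace;
    if (![space.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
        [super connection:connection didReceiveAuthenticationChallenge:challenge];
        return;
    }
    if (ServerTrustMatchesBundledAnchor(space.serverTrust)) {
        [challenge.sender useCredential:[NSURLCredential credentialForTrust:space.serverTrust]
             forAuthenticationChallenge:challenge];
    } else {
        [challenge.sender cancelAuthenticationChallenge:challenge]; // reject anything else
    }
}
@end
```

Because the decision comes from trust evaluation against the bundled anchor rather than from a configuration string, the same class can be used in every build configuration.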

Alicia Tams

Feb 11, 2013, 7:01:43 PM
to res...@googlegroups.com
Unfortunately subclassing is not working at all for me. I'm using cocoa pods and 0.20 master, adding the compiler flag to the cocoapods pch file works fine. Nothing else seems to work. I would love to get subclassing working because then I can define staging / production hosts to force / ignore.

Alicia Tams

Feb 11, 2013, 7:43:32 PM
to res...@googlegroups.com
Update: calling my subclass directly works flawlessly, seems like registerRequestOperationClass is not actually working.

Amit Chauhan

Feb 12, 2013, 5:20:29 PM
to res...@googlegroups.com
Strange. registerRequestOperationClass works perfectly for me.
I debugged and navigated the code too to see how it's grabbing my own implementation, and it's doing that correctly. Did you try adding breakpoints and navigating the code?
Put a breakpoint inside the following method of RKObjectManager.m:

- (RKObjectRequestOperation *)objectRequestOperationWithRequest:(NSURLRequest *)request
                                                        success:(void (^)(RKObjectRequestOperation *operation, RKMappingResult *mappingResult))success
                                                        failure:(void (^)(RKObjectRequestOperation *operation, NSError *error))failure

It's on line 487 for me.

Thanks
Amit