Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I want to encapsulate UIWebView which can handle both http and https request on ios platform, especially for https, it should handle both trust and unverified (developer defined) certificates. Any open source available to take reference?
Thanks in advance.
Graham Lee discusses some of the things you can do at On SSL Pinning for Cocoa [Touch]. Its about as close as you are going to get to open source – its sample code that shows you how to do it with
NSURLConnectionandNSURLConnectionDelegate.Lee’s article discusses how to pin a public key, which improves security on the channel. Public Key Pinning is equivalent to
StrictHostKeyCheckingin SSH. In addition, I believe you can useNSURLConnectionandNSURLConnectionDelegateto trust your [otherwise] untrusted certificates (I don’t observe the practice, so I’m not sure of the details).Be careful of lessening (ruining?) the security built into the channel. A survey and analysis of dumb developer decisions was recently published at Why Eve and Mallory Love Android: An Analysis of Android SSL (In)Security. Its not limited to Android.