0

I want to validate the SSL certificate in my app, and I am using AFNetworking to validate the certificate.

For SSL validation I am using OpenSSL, libcrypto.a and libssl.a.

My problem is that the validation process completed with the NSURLConnection delegate methods, but with AFNetworking it's not working.

    NSURL *url = [NSURL URLWithString:@"https://www.google.com"];
    NSURLRequest *req = [NSURLRequest requestWithURL:url];

    AFHTTPRequestOperation *operation = [[AFHTTPRequestOperation alloc] initWithRequest:req];
    [operation setCompletionBlockWithSuccess: ^(AFHTTPRequestOperation *operation, id responseObject) {

        NSString *stringResponse = [[NSString alloc] initWithData:responseObject
                                                         encoding:NSUTF8StringEncoding];
        // [self.webView loadHTMLString:stringResponse baseURL:nil];
        NSLog(@"Responce-->>%@",stringResponse);

    } failure: ^(AFHTTPRequestOperation *operation, NSError *error) {

        // [self.webView loadHTMLString:error.localizedDescription baseURL:nil];
        NSLog(@"Responce-->>%@",error.localizedDescription);

    }];

    [operation start];

    [operation setWillSendRequestForAuthenticationChallengeBlock:^(NSURLConnection *connection, NSURLAuthenticationChallenge *challenge)
     {

         if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust])
         {
             // By now, the OS will already have built a SecTrustRef instance for
             // the server certificates; we just need to evaluate it
             SecTrustRef serverTrust = challenge.protectionSpace.serverTrust;
             SecTrustResultType res;
             OSStatus status = SecTrustEvaluate(serverTrust, &res);

             bool verified = FALSE;
             if (status == errSecSuccess && ((res == kSecTrustResultProceed) || (res == kSecTrustResultUnspecified)))
             {
                 NSLog(@"iOS certificate chain validation for host %@ passed", challenge.protectionSpace.host);

                 verified = verifyWithOpenSSL(serverTrust);
             }
             else
             {
                 NSLog(@"iOS certificate chain validation for host %@ failed", challenge.protectionSpace.host);
             }

             if (verified)
             {
                 // If *both* verifications succeeded, then continue with the connection
                 NSURLCredential *successCredential = [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust];
                 [challenge.sender useCredential:successCredential
                      forAuthenticationChallenge:challenge];
             }
             else
             {

                 [challenge.sender cancelAuthenticationChallenge:challenge];
             }
         } else {

             [challenge.sender continueWithoutCredentialForAuthenticationChallenge:challenge];
         }


     }];

This is the AFNetworking code for validation; I don't know whether it is wrong or correct.

But this process worked completely with NSURLConnection.

So please help.

Diken Shah

1 Answer

0

AFNetworking 2 makes this really easy. First, add your SSL certificate to your app bundle. The certificate should have a .cer extension. Second, set a securityPolicy for your operation:

    operation.securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModePublicKey];

By default, AFNetworking will validate the remote certificate against the one bundled with your app, ensuring that the domain name is correct, that both were issued with the same keypair, and that the certificate chain is valid.

David Snabel-Caunt
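The security policy from the answer applied to the request from the question, as an added example that is not part of the original answer or of AFNetworking itself. It assumes AFNetworking 2.x and a DER-encoded certificate for the target host bundled under the hypothetical name `server.cer`; the helper names `PinnedOperationForURL` and `StartPinnedRequest` are also illustrative.

```objective-c
#import <Foundation/Foundation.h>
#import <AFNetworking/AFNetworking.h>

// Added example. Assumptions: AFNetworking 2.x, and a DER-encoded certificate
// for the target host bundled as "server.cer" (hypothetical file name).
static AFHTTPRequestOperation *PinnedOperationForURL(NSURL *url) {
    // Load the pin explicitly so a missing or unreadable file fails closed
    // instead of leaving the policy with nothing to compare against.
    NSString *cerPath = [[NSBundle mainBundle] pathForResource:@"server" ofType:@"cer"];
    NSData *pinnedCert = cerPath ? [NSData dataWithContentsOfFile:cerPath] : nil;
    if (pinnedCert.length == 0) {
        NSLog(@"Pinned certificate missing from bundle; refusing to build request");
        return nil;
    }

    AFSecurityPolicy *policy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModePublicKey];
    policy.pinnedCertificates = @[pinnedCert];   // NSArray of NSData in 2.x
    policy.allowInvalidCertificates = NO;        // keep system chain validation on
    policy.validatesDomainName = YES;            // assumes a 2.x release with this property

    NSURLRequest *req = [NSURLRequest requestWithURL:url];
    AFHTTPRequestOperation *operation = [[AFHTTPRequestOperation alloc] initWithRequest:req];
    operation.securityPolicy = policy;           // configure before -start

    [operation setCompletionBlockWithSuccess:^(AFHTTPRequestOperation *op, id responseObject) {
        NSLog(@"Pinned request to %@ succeeded", op.request.URL.host);
    } failure:^(AFHTTPRequestOperation *op, NSError *error) {
        // A pin or chain mismatch surfaces here as a failed request.
        NSLog(@"Request to %@ failed: %@", op.request.URL.host, error.localizedDescription);
    }];
    return operation;
}

// Usage: start the operation only after it is fully configured.
static void StartPinnedRequest(void) {
    AFHTTPRequestOperation *operation =
        PinnedOperationForURL([NSURL URLWithString:@"https://www.google.com"]);
    [operation start];  // messaging nil is a no-op if the pin failed to load
}
```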