3

What is the equivalent Swift code of the Objective-C code below?

[NSURLRequest setAllowsAnyHTTPSCertificate:YES forHost:[url host]];
Dustin Sun
  • 5,292
  • 9
  • 49
  • 87

2 Answers2

5

SOLUTION:

Add this to file info.plist which will force ATS to accept self signed certificate:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>localhost</key>
        <dict>
            <!--Include to allow subdomains-->
            <key>NSIncludesSubdomains</key>
            <true/>
            <!--Include to allow HTTP requests-->
            <key>NSExceptionAllowsInsecureHTTPLoads</key>
            <true/>
            <!--
            <key>NSExceptionMinimumTLSVersion</key>
            <string>TLSv1.1</string>
            <key>NSExceptionRequiresForwardSecrecy</key>
            <false/> -->
        </dict>
    </dict>
</dict>

However, as explain here this is not enough. In each class where you will use NSURLSession you have to declare the following delegate:

class LoginService: NSObject, NSURLSessionDelegate {

func URLSession(session: NSURLSession,
    task: NSURLSessionTask,
    didReceiveChallenge challenge: NSURLAuthenticationChallenge,
    completionHandler: (NSURLSessionAuthChallengeDisposition, NSURLCredential?)
    -> Void) {

    completionHandler(NSURLSessionAuthChallengeDisposition.UseCredential, NSURLCredential(forTrust: challenge.protectionSpace.serverTrust!))
}

...

}

And then perform something like the following:

let configuration = NSURLSessionConfiguration.defaultSessionConfiguration()

    let urlRequest: NSURLRequest = NSURLRequest(URL: requestURL)

    let session = NSURLSession(configuration: configuration, delegate: self, delegateQueue:NSOperationQueue.mainQueue())

    /*
    dataTaskWithRequest: creates an HTTP request for the specified URL request object, and calls a handler upon completion.
    */
    let task = session.dataTaskWithRequest(urlRequest...)

This works for me. Remember that you must use Apache 2.4.x because it's the only version supporting TLS 1.2. Hope this will help.

SagittariusA
  • 5,289
  • 15
  • 73
  • 127
  • 1
    This is by far the best and most complete description on StackOverflow. Of course you need to understand the risks, and so on. But if you just need to try something out, perfect! Thanks Regarding the risks: https://developer.apple.com/library/ios/documentation/General/Reference/InfoPlistKeyReference/Articles/CocoaKeys.html#//apple_ref/doc/uid/TP40009251-SW33 – lukas_o Apr 14 '16 at 12:47
  • you're very kind, thank you. I know the risk but the company I was working for did not want to have a server with ssl certificate because they say it costs too much, is it right? – SagittariusA Apr 15 '16 at 15:29
  • Security will always have some overhead in CPU power. I found this nice website about it: https://istlsfastyet.com/ I wonder if the company does any other optimisations possible. – lukas_o Apr 18 '16 at 10:02
  • Ehm, when they say it costs too much they mean that buying or renting a server with a ssl certificate is very money expensive... – SagittariusA Apr 27 '16 at 07:09
  • 1
    To check target server's TLS parameters do this in Terminal: "openssl s_client -connect :" and check the fields for "SSL-Session:..." in the end of the answer. – Vitalii May 11 '16 at 20:56
-1

This is not available on the Foundation framework. It's from Apple private API and Apple says that your application will get rejected if you use private API.

Lucas Huang
  • 3,998
  • 3
  • 20
  • 29
  • 3
    While true, that is irrelevant since the initial question could pertain to a testing environment on localhost, etc – Joel Jul 06 '15 at 19:38