5

I have searched for hours for the NSURLConnection delegates/methods that allow me to connect to any HTTPS server. I even searched on this site and found answers, but they didn't work for me.

I will upload the code link if any of you want me to. But I would prefer a tutorial / sample code / source code of a simple UIWebView connecting to any HTTPS server. And I will take it from there.

Thanks in advance.

Melvin Lai

2 Answers

10

Whether you are connecting to an HTTPS or HTTP site should be completely transparent both for NSURLConnection and for UIWebView controls. The only thing you may need to do, if the server site's certificate is a self-signed or non-verifiable certificate, is add code to bypass the authentication challenge that the browser gets (i.e. the equivalent of the message that the certificate is signed by an unknown authority and do you want to accept it).

Just use a @"https://www.myhttpsite.com/" URL and it should work the same way as normal HTTP URLs.

To bypass the security issue of an unrecognised certificate signer, for an NSURLConnection, add the following to your delegate methods:

```objc
// NSURLConnection delegate callback: accept the server trust only for explicitly listed hosts.
- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
    NSArray *trustedHosts = [NSArray arrayWithObjects:@"mytrustedhost", nil];

    if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
        if ([trustedHosts containsObject:challenge.protectionSpace.host]) {
            // Listed host: accept its certificate and stop, so the challenge is answered only once.
            [challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge];
            return;
        }
    }
    // Any other host or challenge type: continue without supplying a credential.
    [challenge.sender continueWithoutCredentialForAuthenticationChallenge:challenge];
}
```

In pre-iOS 4.3 you need to do something a bit different: you can add a category to the URLRequest class that implements a security bypass for certificates from an unrecognised host.

Note: be careful with any solution that ignores that a certificate isn't signed by a recognised authority, as you are opening up a potential security hole when doing it, but it is often necessary, at least for testing against a test server that has a self/internally signed certificate on it.

To open a URL connection in a web view:

```objc
// myWebView is the UIWebView outlet of the view controller.
NSURL *websiteUrl = [NSURL URLWithString:@"https://www.mysecuresite.com/"];
NSURLRequest *urlRequest = [NSURLRequest requestWithURL:websiteUrl];
[myWebView loadRequest:urlRequest];
```
gamozzii
  • `if the server site's certificate is a self-signed or non-verifiable certificate` How do I know if the site is either self-signed or non-verifiable? And I just tested that code, I am getting a white screen still. Is there a method I need to enter before `[webView loadRequest:requestObj];`? – Melvin Lai Feb 03 '12 at 04:28
  • Typically you would get a warning message when accessing the same site in your standard web browser (e.g. Safari on your desktop) asking if you are willing to trust the certificate that is signed by an unknown certificate authority. – gamozzii Feb 03 '12 at 04:43
  • Added an example of code that would load an https request into a webview that was connected as an outlet, for example in our view controller. – gamozzii Feb 03 '12 at 04:46
  • Ok... That had been done in the first place, but it did not work. My concern is this: I have added a `<NSURLConnectionDelegate>` in the .h and despite having the `-(void)connection: ` method you supplied, putting a breakpoint at the `connection: ` method shows that it would not step into it. Of course I somehow know why it isn't executing the method, but wouldn't it automatically execute if I declared the `NSURLConnectionDelegate`? – Melvin Lai Feb 03 '12 at 05:01
  • Have you checked that you can load a non-https URL? It's not something simple like forgetting to wire up the UIWebView outlet, is it? Also if you're not getting any errors relating to the certificate in your Safari browser then this delegate method wouldn't be called in the iPhone either - it only gets called if the issue is signed by an unknown certificate authority. – gamozzii Feb 03 '12 at 05:39
  • Yes, IBOutlets are connected correctly and I am able to load non-http urls. But I do get a 'Directory Listing Denied' on my Safari. I also tried the https site you provided, I can't enter it both on Mac and PC – Melvin Lai Feb 03 '12 at 06:34
  • The one I provided was just a dummy example - but you could try with any https site on the web (e.g. amazon login page). – gamozzii Feb 03 '12 at 08:02
  • Tried quite a number of https sites; all return a blank screen. Would it be a lot of trouble if you could compile some source code for me to test? I know that you have done up a dummy example up there. But I really don't know why it isn't working on my side :( – Melvin Lai Feb 03 '12 at 08:09
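Added example (not part of the original answer or its comments): a narrower alternative to accepting any certificate from a listed host, for the self-signed test-server case the answer's security note describes. The delegate trusts only the one certificate shipped with the app and fails closed otherwise. The class name `PinnedConnectionDelegate` and the bundled DER file `testserver.cer` are hypothetical; `mytrustedhost` is the placeholder host from the answer. It uses `SecTrustEvaluate`, the call from the NSURLConnection era; newer SDKs provide `SecTrustEvaluateWithError` instead.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Assumption: the test server's own certificate ships in the app bundle
// as the DER file "testserver.cer" (hypothetical name).
@interface PinnedConnectionDelegate : NSObject <NSURLConnectionDelegate>
@end

@implementation PinnedConnectionDelegate

- (void)connection:(NSURLConnection *)connection
    willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
    NSURLProtectionSpace *space = challenge.protectionSpace;
    BOOL isServerTrust = [space.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust];

    // Every host except the one test host keeps the system's normal validation.
    if (!isServerTrust || ![space.host isEqualToString:@"mytrustedhost"]) {
        [challenge.sender performDefaultHandlingForAuthenticationChallenge:challenge];
        return;
    }

    NSString *path = [[NSBundle mainBundle] pathForResource:@"testserver" ofType:@"cer"];
    NSData *der = path ? [NSData dataWithContentsOfFile:path] : nil;
    SecCertificateRef pinned = der ? SecCertificateCreateWithData(NULL, (__bridge CFDataRef)der) : NULL;
    if (pinned == NULL) {
        // Fail closed: without the pinned certificate nothing is trusted.
        [challenge.sender cancelAuthenticationChallenge:challenge];
        return;
    }

    // Evaluate the presented chain with the pinned certificate as the only anchor.
    SecTrustRef trust = space.serverTrust;
    NSArray *anchors = @[(__bridge id)pinned];
    SecTrustResultType result = kSecTrustResultInvalid;
    OSStatus status = SecTrustSetAnchorCertificates(trust, (__bridge CFArrayRef)anchors);
    if (status == errSecSuccess) status = SecTrustSetAnchorCertificatesOnly(trust, true);
    if (status == errSecSuccess) status = SecTrustEvaluate(trust, &result);
    CFRelease(pinned); // the anchors array holds its own reference

    BOOL trusted = (status == errSecSuccess) &&
                   (result == kSecTrustResultUnspecified || result == kSecTrustResultProceed);
    if (trusted) {
        [challenge.sender useCredential:[NSURLCredential credentialForTrust:trust]
             forAuthenticationChallenge:challenge];
    } else {
        [challenge.sender cancelAuthenticationChallenge:challenge];
    }
}

@end
```

A certificate that differs from the bundled one is rejected even on the listed host, so a man-in-the-middle presenting its own self-signed certificate does not pass.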
4

Ok, I found my answer. Thanks gamozzii for assisting me as well. I did a search based on your codes :)

Load HTTPS url in a UIWebView

This works for me. I also tried links like https://www.google.com

Melvin Lai
  • Hi Melvin - sorry for my terse comment before - glad that you persisted and found the solution - well done. – gamozzii Feb 04 '12 at 00:28
  • Hey, no problem. But what you told me helped me to find the method that worked out :) But there is something I realized about the code, it `returns YES` means it will always return a true output. Now I have to find a way to return `YES` via some authentication. :( – Melvin Lai Feb 06 '12 at 01:35
  • Hi Melvin Lai, did you find a way to return YES via authentication? Because if I put the wrong username or password, it's blank. Thanks. – Alfred Angkasa Oct 02 '12 at 16:12
  • @AlfredAngkasa that method I used did not require me to use username or password at all. – Melvin Lai Oct 19 '12 at 07:49