Webview SSL Certificate Error - No way to accept expired server certificate - IPad app
Titanium 1.6.2 - OSX Environment - IPad Application
I attempted to load a server url that has an expired ssl certificate into a webview. In the Titanium Developer debug window I received the error listed below. I have been unable to find a workaround for it.
In the Safari browser, a dialog window pops up giving me the option of being able to accept it. However, the same window does not popup in a webview.
Any help would be much appreciated
ERROR MESSAGE FOLLOWS:
[ERROR] Error loading: , Error: Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid.
You might be connecting to a server that is pretending to be “xxxxx.xxxxxx.com” which could put your confidential information at risk."
UserInfo=0x6c474e0 {NSErrorFailingURLStringKey=https://xxxxx.xxxxxx.com/IronMountain/Common/Shared/Logon.aspx, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSErrorFailingURLKey=https://xxxxx.xxxxxx.com.com/IronMountain/Common/Shared/Logon.aspx,
NSLocalizedDescription=The certificate for this server is invalid. You might be connecting to a server that is pretending to be “xxxxx.xxxxxx.com” which could put your confidential information at risk.,
NSUnderlyingError=0x6c523b0 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “xxxxx.xxxxxx.com” which could put your confidential information at risk.", NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0x6c49d80>}
3 Answers
-
Right,
I've been suffering from this too.
Firstly, the 'validatesSecureCertificate' won't work for the UIWebView as its only relevant for the XHR (ala HTTPClient).. it works there nicely..
Googling around this is a common problem with iPhone
http://www.cocoanetics.com/2009/11/ignoring-certificate-errors-on-nsurlrequest/
with a useful solution here
http://blog.timac.org/post-images/httpscertificate/cocoaSample.html
NB. This will fail the appstore due to a private API reference. There is another solution around for overriding some other delegates but it was a little fiddlier.
So to get the Ti.UI.WebView to ignore https certificates (during testing as you can't officially release) you need to modify the files in the SDK directory
You're looking for TiUIWebView.m which you'll find in your SDK directory such as
/Library/Application Support/Titanium/mobilesdk/osx/1.7.1/iphone/Classes/TiUIWebView.m
You need to make changes as in the cocoaSample.html reference.. but just do this…
Just above
@implementation TiUIWebView
You should paste this code
/* Chris -- http://blog.timac.org/post-images/httpscertificate/cocoaSample.html -- http://www.cocoanetics.com/2009/11/ignoring-certificate-errors-on-nsurlrequest/ */ @interface NSURLRequest (DummyInterface) + (BOOL)allowsAnyHTTPSCertificateForHost:(NSString*)host; + (void)setAllowsAnyHTTPSCertificate:(BOOL)allow forHost:(NSString*)host; @end
This just sorts out a warning AFAIK.
Then you need to modify the code here in
-(void)setUrl_:(id)args
Look for and modify this
if ([self isURLRemote]) { NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:url]; /* Chris: Modified to ignore certificates */ // Use the private method setAllowsAnyHTTPSCertificate:forHost: // to not validate the HTTPS certificate. [NSURLRequest setAllowsAnyHTTPSCertificate:YES forHost:[url host]]; [self loadURLRequest:request]; if (scalingOverride==NO) { [[self webview] setScalesPageToFit:YES]; } }
This will now work if you have your code do this back in TI land.
var webView = Ti.UI.createWebView({ }); win.add(webView); webView.url = 'https://something.com';
Remember to do a complete clean rebuild so the files get copied back across from the SDK into your apps local build directory. (I'm on Ti Studio, with Ti Dev you'll need to clean out the build iphone directory yourself)
Hope that helps, I'd love to see something a bit more official into Titanium so its a setting/field and is using the API compliant method thats kicking around on stackoverflow.com but this'll get you moving.
Chris
-
Sharmil
You should be able to set the
validatesSecureCertificate
property of Titanium.Network.HTTPClient to false to accept invalid certificates.Let me know if this works.
Cheers
-
I have a similar problem on Android. Does anyone know how to fix it there? It involves WebView as well, not HTTPClient.