Titanium Community Questions & Answer Archive

We felt that 6+ years of knowledge should not die so this is the Titanium Community Questions & Answer Archive

Webview SSL Certificate Error - No way to accept expired server certificate - IPad app

Titanium 1.6.2 - OSX Environment - IPad Application

I attempted to load a server url that has an expired ssl certificate into a webview. In the Titanium Developer debug window I received the error listed below. I have been unable to find a workaround for it.

In the Safari browser, a dialog window pops up giving me the option of being able to accept it. However, the same window does not popup in a webview.

Any help would be much appreciated

ERROR MESSAGE FOLLOWS:

[ERROR] Error loading: , Error: Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid.

You might be connecting to a server that is pretending to be “xxxxx.xxxxxx.com” which could put your confidential information at risk."

UserInfo=0x6c474e0 {NSErrorFailingURLStringKey=https://xxxxx.xxxxxx.com/IronMountain/Common/Shared/Logon.aspx, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSErrorFailingURLKey=https://xxxxx.xxxxxx.com.com/IronMountain/Common/Shared/Logon.aspx,

NSLocalizedDescription=The certificate for this server is invalid. You might be connecting to a server that is pretending to be “xxxxx.xxxxxx.com” which could put your confidential information at risk.,

NSUnderlyingError=0x6c523b0 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “xxxxx.xxxxxx.com” which could put your confidential information at risk.", NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0x6c49d80>}

— asked May 24th 2011 by Sharmil Hassan
  • ipa
  • ssl
  • webview
0 Comments

3 Answers

  • Right,

    I've been suffering from this too.

    Firstly, the 'validatesSecureCertificate' won't work for the UIWebView as its only relevant for the XHR (ala HTTPClient).. it works there nicely..

    Googling around this is a common problem with iPhone

    http://www.cocoanetics.com/2009/11/ignoring-certificate-errors-on-nsurlrequest/

    with a useful solution here

    http://blog.timac.org/post-images/httpscertificate/cocoaSample.html

    NB. This will fail the appstore due to a private API reference. There is another solution around for overriding some other delegates but it was a little fiddlier.

    So to get the Ti.UI.WebView to ignore https certificates (during testing as you can't officially release) you need to modify the files in the SDK directory

    You're looking for TiUIWebView.m which you'll find in your SDK directory such as

    /Library/Application Support/Titanium/mobilesdk/osx/1.7.1/iphone/Classes/TiUIWebView.m

    You need to make changes as in the cocoaSample.html reference.. but just do this…

    Just above

    @implementation TiUIWebView
    

    You should paste this code

    /* Chris  --  http://blog.timac.org/post-images/httpscertificate/cocoaSample.html   -- http://www.cocoanetics.com/2009/11/ignoring-certificate-errors-on-nsurlrequest/ */
    @interface NSURLRequest (DummyInterface)
    
    + (BOOL)allowsAnyHTTPSCertificateForHost:(NSString*)host;
    
    + (void)setAllowsAnyHTTPSCertificate:(BOOL)allow forHost:(NSString*)host;
    
    @end
    

    This just sorts out a warning AFAIK.

    Then you need to modify the code here in

    -(void)setUrl_:(id)args
    

    Look for and modify this

    
        if ([self isURLRemote])
        {
    
            NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:url];
    
            /* Chris: Modified to ignore certificates */
            // Use the private method setAllowsAnyHTTPSCertificate:forHost:
            // to not validate the HTTPS certificate.
            [NSURLRequest setAllowsAnyHTTPSCertificate:YES forHost:[url host]];
    
            [self loadURLRequest:request];
            if (scalingOverride==NO)
            {
                [[self webview] setScalesPageToFit:YES];
            }
        }
    

    This will now work if you have your code do this back in TI land.

            var webView = Ti.UI.createWebView({
            });
    
            win.add(webView);
    
    
            webView.url = 'https://something.com';
    

    Remember to do a complete clean rebuild so the files get copied back across from the SDK into your apps local build directory. (I'm on Ti Studio, with Ti Dev you'll need to clean out the build iphone directory yourself)

    Hope that helps, I'd love to see something a bit more official into Titanium so its a setting/field and is using the API compliant method thats kicking around on stackoverflow.com but this'll get you moving.

    Chris

    — answered July 19th 2011 by Chris Moore
    permalink
    1 Comment
    • Thanks mate!

      — commented August 6th 2012 by John Assael
  • Sharmil

    You should be able to set the validatesSecureCertificate property of Titanium.Network.HTTPClient to false to accept invalid certificates.

    Let me know if this works.

    Cheers

    — answered May 25th 2011 by Paul Dowsett
    permalink
    2 Comments
    • Thanks for your response Paul, but I'm a bit confused about this. How do I set this property for the webview since I am loading the page using the URL property of the webview and not creating an HTTPClient connection. Is this an undocumented property of the webview.

      — commented May 26th 2011 by Sharmil Hassan
    • What am I missing, I can't find where to set Titanium.Network.HTTPClient for a Titanium.UI.WebView.

      — commented July 11th 2011 by John Doxey
  • I have a similar problem on Android. Does anyone know how to fix it there? It involves WebView as well, not HTTPClient.

    — answered November 1st 2011 by Conny Svensson
    permalink
    4 Comments
    • I have the same problem in Android with WebView. Works fine in iOS but in Android not works… any solution?

      Thanks

      — commented March 28th 2012 by Christian Heine
    • Did you find a solution. I get a blank page on android when displaying a secure page with a valid certificate in a webview, but works fine on IOS.

      — commented July 25th 2012 by Marcus Williams
    • I have same problem with webview, does anyone got solution with webview?

      — commented November 29th 2012 by Pramod Rauniyar
    • I'm not sure you haven't resolved this yet. But from Titanium 3.x, there is ignoreSslError property which you can set it to be true so that webview ignores ssl certificate issue.

      Although, this property resolved ssl certificate issue, I'd like to catch URL_ERROR_SSL_FAILED value to show dialog with buttons (Cancel, Show Certificate, Continue). If you know how to implement it in this way, please share

      — commented May 13th 2014 by Nam Phan
The ownership of individual contributions to this community generated content is retained by the authors of their contributions.
All trademarks remain the property of the respective owner.