Titanium Community Questions & Answer Archive

We felt that 6+ years of knowledge should not die so this is the Titanium Community Questions & Answer Archive

HTTPS based webservices

We have been trying to call webservices in our app. The app is a simple event listing app which shows up schedule, evenue, tracks etc., by calling webservices.

the app works well when we call a url with http, but throws an error such as below.

{"source":"ti.modules.titanium.network.HTTPClientProxy@43eefd60","error":"hostname in certificate didn't match: <webservices.<domain>.org> != <build.<domain>.com> OR <build.<domain>.com> OR <www.build.<domain>.com> OR <api.<domain>.com> OR <build.<domain>.org> OR <api.<domain>.org>"}

— asked August 7th 2010 by sudhi seshachala
  • android
  • https
  • iphone

3 Answers

  • Accepted Answer

    HTTPClient has a validatesSecureCertificate property which defaults to false when run on simulator and true when run on device in release or distribution mode.

    To disable the SSL cerfiticate validation manually, use this before connecting to the service:

    myHttpClient.validatesSecureCertificate = false;
    — answered August 7th 2010 by Goran Skledar
    1 Comment
    • there is only one problem. Setting validatesSecureCertificate does not always work. In my experience, "validatesSecureCertificate" only gets picked up by HTTPClient on a second call.

      — commented July 19th 2011 by Greg Solovyev
  • You didn't mention which Mobile SDK version you are using and which device you're getting the error on (simulator, iphone, android, everywhere?).

    What you might want to try is download the latest continuous build and see if the problem persists if you rebuild the app with the newer Titanium SDK.

    I don't have issues accessing services over https, so it's also possible there is an issue with the certificate of that specific webservice you're trying to access. Is the certificate self-signed?

    — answered August 7th 2010 by Goran Skledar
  • We are using 1.4 SDK for Android and IPhone. When we published to Android is when we encountered this issue. However when we were testing on device, we were able to access the https webservices.

    Not sure if the https is self signed. Can you please explain little more on it?
    Thank you very much for your help.

    — answered August 7th 2010 by sudhi seshachala
The ownership of individual contributions to this community generated content is retained by the authors of their contributions.
All trademarks remain the property of the respective owner.