I did figure out how to resolve this issue.
I ended up comparing the client and server trust certificates
byte-by-byte. There could be another way to resolve such issues
with a self-signed certificate, but this solution did work.
Here is how I'm doing the comparison of the client and server certificates,
byte-by-byte, using their CFData objects (you can also reference the
'AdvancedURLConnections' example code provided by Apple):
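    success = NO;
    // Leaf (server) certificate taken from the trust object being evaluated.
    pServerCert = SecTrustGetLeafCertificate(trust);
    if (clientCert != NULL && pServerCert != NULL) {
        CFDataRef clientCertData;
        CFDataRef serverCertData;
        // DER-encoded bytes of each certificate.
        clientCertData = SecCertificateCopyData(clientCert);
        serverCertData = SecCertificateCopyData(pServerCert);
        // Checked at run time rather than with assert(), which is compiled out
        // under NDEBUG; a failed copy leaves success == NO.
        if (clientCertData != NULL && serverCertData != NULL) {
            success = CFEqual(clientCertData, serverCertData);
        }
        if (clientCertData != NULL) CFRelease(clientCertData);
        if (serverCertData != NULL) CFRelease(serverCertData);
    }
    if (success) {
        // Certificates are byte-identical: accept the server and continue.
        [[challenge sender] useCredential:credential forAuthenticationChallenge:challenge];
        [self printLogToConsole:@"Success! Trust validation successful."];
    } else {
        // Any mismatch or missing certificate: refuse the connection.
        [self printLogToConsole:@"Failed! Trust evaluation failed for service root certificate.\n"];
        [[challenge sender] cancelAuthenticationChallenge:challenge];
    }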
Hope this will help someone who is looking for a solution to a similar issue.
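
The same byte-for-byte comparison written as an NSURLSession delegate, which goes beyond the NSURLConnection challenge handling shown in the post. This is an added example, not code from the original post or from Apple's sample; the class name PinnedSessionDelegate, the helper LeafMatchesPinnedData and the bundle resource pinned-server.der are assumptions.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical helper: YES only when the server's leaf certificate is
// byte-identical to the pinned DER copy. Every error path returns NO.
static BOOL LeafMatchesPinnedData(SecTrustRef trust, NSData *pinnedDER) {
    if (trust == NULL || pinnedDER.length == 0) return NO;
    if (SecTrustGetCertificateCount(trust) < 1) return NO;
    // Index 0 is the leaf. Newer SDKs deprecate this call in favour of
    // SecTrustCopyCertificateChain, but it is still available.
    SecCertificateRef leaf = SecTrustGetCertificateAtIndex(trust, 0);
    if (leaf == NULL) return NO;
    NSData *leafDER = CFBridgingRelease(SecCertificateCopyData(leaf));
    return leafDER != nil && [leafDER isEqualToData:pinnedDER];
}

// Hypothetical delegate class for a session that talks to one pinned server.
@interface PinnedSessionDelegate : NSObject <NSURLSessionDelegate>
@end

@implementation PinnedSessionDelegate

- (void)URLSession:(NSURLSession *)session
didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge
 completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition,
                             NSURLCredential *))completionHandler {
    NSURLProtectionSpace *space = challenge.protectionSpace;
    // Only server-trust challenges are pinned; others take the default path.
    if (![space.authenticationMethod
            isEqualToString:NSURLAuthenticationMethodServerTrust]) {
        completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, nil);
        return;
    }
    // Assumed resource: the expected self-signed certificate, DER-encoded.
    NSURL *url = [[NSBundle mainBundle] URLForResource:@"pinned-server"
                                         withExtension:@"der"];
    NSData *pinnedDER = url ? [NSData dataWithContentsOfURL:url] : nil;
    if (LeafMatchesPinnedData(space.serverTrust, pinnedDER)) {
        completionHandler(NSURLSessionAuthChallengeUseCredential,
                          [NSURLCredential credentialForTrust:space.serverTrust]);
    } else {
        // Mismatch, missing pin file or empty chain: refuse the connection.
        completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, nil);
    }
}

@end
```

Because the pin is the exact certificate, reissuing the server certificate requires shipping an updated pinned-server.der to clients before the switch.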