Getting "The certificate for this server is invalid." on iPad when downloading images from Amazon S3 (HTTPS), but no errors on the simulator

I am trying to display an image that is stored in an Amazon S3 bucket. The URL is similar to https://s3.amazon.com/..../test.jpg. Whenever I do this on an iPhone simulator, the image is displayed correctly. However, if I test it on the device itself, I continue to receive:

Domain Error = NSURLErrorDomain Code = -1202 "The certificate for this server is not valid. Perhaps you are connecting to a server that is pretending to be "s3.amazonaws.com", which may put your sensitive information at risk." UserInfo = 0x20007030 {NSErrorFailingURLStringKey = https://s3.amazonaws.com/.../test.jpeg, NSLocalizedRecoverySuggestion = Do you want to connect to the server anyway?, NSErrorFailingURLKey = https://s3.amazonaws.com/.../test.jpeg, NSLocalizedDescription = The certificate for this server is not valid. You may be connected to a server that pretends to be "s3.amazonaws.com", which may put your sensitive information at risk. NSUnderlyingError = 0x20014d40 "The certificate for this server is invalid. You may be connecting to a server that is pretending to be "s3.amazonaws.com" that may put your sensitive information at risk.", NSURLErrorFailingURLPeerTrustErrorKey =}

Any ideas?!

Thanks!

+6
2 answers

I was getting the same certificate error from S3 and found that adding this to NSURLConnectionDelegate fixes the problem:

    - (void)connection:(NSURLConnection *)connection
    willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
    {
        // Server-trust challenge for a host ending in the given suffix:
        // the server's trust object is used as-is, without evaluating it.
        if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust] &&
            [challenge.protectionSpace.host hasSuffix:@"example.com"]) {
            // accept the certificate anyway
            [challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust]
                 forAuthenticationChallenge:challenge];
        } else {
            [challenge.sender continueWithoutCredentialForAuthenticationChallenge:challenge];
        }
    }

NOTE. You will need to change "example.com" to a domain you trust, or use a more sophisticated mechanism than "hasSuffix".

FYI Apple Technote TN2232 "HTTPS Server Trust Assessment" describes in detail why the certificate was rejected and how to process it: https://developer.apple.com/library/ios/technotes/tn2232/_index.html

Thanks to Gordon Henriksen for answering fooobar.com/questions/24843 / ... but using the older api.

+12
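
Following up on the NOTE in the answer above, here is an added example (not code from the answer or from Apple's technote) of a delegate that matches the host exactly and accepts the server only when the system trust evaluation succeeds. The class name, the `HostIsAllowed` helper and the allowlist contents are assumptions; `SecTrustEvaluateWithError` requires iOS 12 or later.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical helper: exact-match allowlist instead of hasSuffix:, so a
// host such as "evil-example.com" can never pass as "example.com".
static BOOL HostIsAllowed(NSString *host) {
    static NSSet<NSString *> *allowed;
    static dispatch_once_t once;
    dispatch_once(&once, ^{
        // Assumption: the only host this app talks to over HTTPS.
        allowed = [NSSet setWithObjects:@"s3.amazonaws.com", nil];
    });
    return host != nil && [allowed containsObject:host.lowercaseString];
}

// Hypothetical delegate class for the NSURLConnection used on this page.
@interface TrustCheckingDelegate : NSObject <NSURLConnectionDelegate>
@end

@implementation TrustCheckingDelegate

- (void)connection:(NSURLConnection *)connection
willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
    NSURLProtectionSpace *space = challenge.protectionSpace;
    if (![space.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
        // Not a server-trust challenge: leave it to the system if possible.
        if ([challenge.sender respondsToSelector:@selector(performDefaultHandlingForAuthenticationChallenge:)]) {
            [challenge.sender performDefaultHandlingForAuthenticationChallenge:challenge];
        } else {
            [challenge.sender continueWithoutCredentialForAuthenticationChallenge:challenge];
        }
        return;
    }
    SecTrustRef trust = space.serverTrust;
    CFErrorRef error = NULL;
    // Evaluates chain, hostname and validity dates against the device clock.
    BOOL trusted = HostIsAllowed(space.host) && trust != NULL &&
                   SecTrustEvaluateWithError(trust, &error);
    if (trusted) {
        [challenge.sender useCredential:[NSURLCredential credentialForTrust:trust]
             forAuthenticationChallenge:challenge];
    } else {
        id reason = error ? (__bridge id)error : @"host not on allowlist or no trust object";
        NSLog(@"Rejecting server trust for %@: %@", space.host, reason);
        [challenge.sender cancelAuthenticationChallenge:challenge];
    }
    if (error) CFRelease(error);
}

@end
```

The logged error carries the reason the evaluation failed, which is the first thing to read when the device rejects a certificate that the simulator accepts.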

If you have a trusted certificate and it still gives this error, you can also check the device date (in case someone changed it to a future date, by mistake or intentionally).

0
