Patched issue #263 - (can't revert 'validatesSecureCertificate' once set to 'NO' on new requests)

@@ -1198,18 +1198,28 @@ static NSOperationQueue *sharedQueue = nil;
     // Handle SSL certificate settings
     // Handle SSL certificate settings
     //
     //
 
 
-    if([[[[self url] scheme] lowercaseString] isEqualToString:@"https"]) {
-
-        NSMutableDictionary *sslProperties = [NSMutableDictionary dictionaryWithCapacity:1];
-
+    if([[[[self url] scheme] lowercaseString] isEqualToString:@"https"]) {       
+       
         // Tell CFNetwork not to validate SSL certificates
         // Tell CFNetwork not to validate SSL certificates
         if (![self validatesSecureCertificate]) {
         if (![self validatesSecureCertificate]) {
-            [sslProperties setObject:(NSString *)kCFBooleanFalse forKey:(NSString *)kCFStreamSSLValidatesCertificateChain];
-        }
-
+            // see: http://iphonedevelopment.blogspot.com/2010/05/nsstream-tcp-and-ssl.html
+            
+            NSDictionary *sslProperties = [[NSDictionary alloc] initWithObjectsAndKeys:
+                                      [NSNumber numberWithBool:YES], kCFStreamSSLAllowsExpiredCertificates,
+                                      [NSNumber numberWithBool:YES], kCFStreamSSLAllowsAnyRoot,
+                                      [NSNumber numberWithBool:NO],  kCFStreamSSLValidatesCertificateChain,
+                                      kCFNull,kCFStreamSSLPeerName,
+                                      nil];
+            
+            CFReadStreamSetProperty((CFReadStreamRef)[self readStream], 
+                                    kCFStreamPropertySSLSettings, 
+                                    (CFTypeRef)sslProperties);
+        } 
+        
         // Tell CFNetwork to use a client certificate
         // Tell CFNetwork to use a client certificate
         if (clientCertificateIdentity) {
         if (clientCertificateIdentity) {
-
+            NSMutableDictionary *sslProperties = [NSMutableDictionary dictionaryWithCapacity:1];
+            
 			NSMutableArray *certificates = [NSMutableArray arrayWithCapacity:[clientCertificates count]+1];
 			NSMutableArray *certificates = [NSMutableArray arrayWithCapacity:[clientCertificates count]+1];
 
 
 			// The first object in the array is our SecIdentityRef
 			// The first object in the array is our SecIdentityRef
@@ -1219,10 +1229,12 @@ static NSOperationQueue *sharedQueue = nil;
 			for (id cert in clientCertificates) {
 			for (id cert in clientCertificates) {
 				[certificates addObject:cert];
 				[certificates addObject:cert];
 			}
 			}
+            
             [sslProperties setObject:certificates forKey:(NSString *)kCFStreamSSLCertificates];
             [sslProperties setObject:certificates forKey:(NSString *)kCFStreamSSLCertificates];
+            
+            CFReadStreamSetProperty((CFReadStreamRef)[self readStream], kCFStreamPropertySSLSettings, sslProperties);
         }
         }
-
-        CFReadStreamSetProperty((CFReadStreamRef)[self readStream], kCFStreamPropertySSLSettings, sslProperties);
+        
     }
     }
 
 
 	//
 	//