Patched issue #263 - (can't revert 'validatesSecureCertificate' once set to 'NO' on new requests)

Frédéric VERGEZ
Commit 6600374880762608baed7e632bce73d45666768b 66003748 1 parent f7fe5c79
Showing 1 changed file with 22 additions and 10 deletions
Classes/ASIHTTPRequest.m
--- a/Classes/ASIHTTPRequest.m
View file @6600374
+++ b/Classes/ASIHTTPRequest.m
View file @6600374
@@ -1198,18 +1198,28 @@ static NSOperationQueue *sharedQueue = nil;
     // Handle SSL certificate settings
     //
 
-     if([[[[self url] scheme] lowercaseString] isEqualToString:@"https"]) {
- 
-         NSMutableDictionary *sslProperties = [NSMutableDictionary dictionaryWithCapacity:1];
- 
+     if([[[[self url] scheme] lowercaseString] isEqualToString:@"https"]) {       
+        
         // Tell CFNetwork not to validate SSL certificates
         if (![self validatesSecureCertificate]) {
-             [sslProperties setObject:(NSString *)kCFBooleanFalse forKey:(NSString *)kCFStreamSSLValidatesCertificateChain];
-         }
- 
+             // see: http://iphonedevelopment.blogspot.com/2010/05/nsstream-tcp-and-ssl.html
+             
+             NSDictionary *sslProperties = [[NSDictionary alloc] initWithObjectsAndKeys:
+                                       [NSNumber numberWithBool:YES], kCFStreamSSLAllowsExpiredCertificates,
+                                       [NSNumber numberWithBool:YES], kCFStreamSSLAllowsAnyRoot,
+                                       [NSNumber numberWithBool:NO],  kCFStreamSSLValidatesCertificateChain,
+                                       kCFNull,kCFStreamSSLPeerName,
+                                       nil];
+             
+             CFReadStreamSetProperty((CFReadStreamRef)[self readStream], 
+                                     kCFStreamPropertySSLSettings, 
+                                     (CFTypeRef)sslProperties);
+         } 
+         
         // Tell CFNetwork to use a client certificate
         if (clientCertificateIdentity) {
- 
+             NSMutableDictionary *sslProperties = [NSMutableDictionary dictionaryWithCapacity:1];
+             
 			NSMutableArray *certificates = [NSMutableArray arrayWithCapacity:[clientCertificates count]+1];
 
 			// The first object in the array is our SecIdentityRef
@@ -1219,10 +1229,12 @@ static NSOperationQueue *sharedQueue = nil;
 			for (id cert in clientCertificates) {
 				[certificates addObject:cert];
 			}
+             
             [sslProperties setObject:certificates forKey:(NSString *)kCFStreamSSLCertificates];
+             
+             CFReadStreamSetProperty((CFReadStreamRef)[self readStream], kCFStreamPropertySSLSettings, sslProperties);
         }
- 
-         CFReadStreamSetProperty((CFReadStreamRef)[self readStream], kCFStreamPropertySSLSettings, sslProperties);
+         
     }
 
 	//