I'm using ASIHTTP in my project, and I need to support SSL connections with or without a client certificate. From my point of view, four cases are possible during the SSL handshake:
case A: server presents a trusted certificate but doesn't ask the client to present one (e.g. https://www.gmail.com)
case B: server presents a self-signed certificate but doesn't ask the client to present one (e.g. https://www.cacert.org/images/cacert4.png)
case C: server presents a trusted certificate and asks the client to present one
case D: server presents a self-signed certificate and asks the client to present one
ASIHTTP supports case A without problem.
Case C is also supported, but I have to provide a SecIdentityRef before starting the request:
[request setClientCertificateIdentity:identity];
The other cases are not supported (without completely turning off certificate validation at the CFStream level, which I don't want to do).
For me, the normal behaviour that I want from ASIHTTP is to ask the delegate for cases B, C and D. For cases B and D, the delegate should be asked whether or not to trust the server certificate (as a web browser does). For cases C and D, the delegate should also be asked to provide a certificate.
ASIHTTP is based on a CFStream connection. Is there a way to configure CFStream so that it returns different errors for cases B, C and D? And then detect these errors and notify the delegate with the right callback?
Thanks for your help.
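A sketch of the CFStream-level configuration the question is about, added here as an example; it is not code from the asker or from ASIHTTPRequest. Instead of turning TLS validation off wholesale, it switches off only the automatic chain check (kCFStreamSSLValidatesCertificateChain), passes an optional client identity for cases C and D, and then evaluates the server chain itself via kCFStreamPropertySSLPeerTrust, so that a self-signed chain (cases B and D) becomes a recoverable trust failure that a delegate can accept or reject, the way a browser prompts. It assumes ARC; the ServerTrustDelegate protocol and the two function names are hypothetical, and the Security/CFNetwork calls are the public APIs of the time (SecTrustEvaluate has since been deprecated in favour of SecTrustEvaluateWithError).

```objc
#import <Foundation/Foundation.h>
#import <CoreFoundation/CoreFoundation.h>
#import <CFNetwork/CFNetwork.h>
#import <Security/Security.h>

// Hypothetical delegate protocol: the app decides what to do with an
// untrusted (e.g. self-signed) server chain, like a browser's "proceed?" prompt.
@protocol ServerTrustDelegate <NSObject>
- (BOOL)shouldTrustServer:(SecTrustRef)trust forHost:(NSString *)host;
@end

// Configure the TLS layer of a CFReadStream so that a self-signed server chain
// does not abort the handshake; trust is evaluated manually afterwards.
// identityOrNULL is the client identity for cases C and D, or NULL for A and B.
static void configureStreamForManualTrust(CFReadStreamRef stream,
                                          NSString *host,
                                          SecIdentityRef identityOrNULL)
{
    NSMutableDictionary *ssl = [NSMutableDictionary dictionary];
    // Keep TLS on: negotiate the best protocol, verify the name we dialed.
    ssl[(__bridge id)kCFStreamSSLLevel] = (__bridge id)kCFStreamSocketSecurityLevelNegotiatedSSL;
    ssl[(__bridge id)kCFStreamSSLPeerName] = host;
    // Only the automatic chain-to-system-root check is disabled here.
    // The chain is still collected and exposed as kCFStreamPropertySSLPeerTrust.
    ssl[(__bridge id)kCFStreamSSLValidatesCertificateChain] = @NO;
    if (identityOrNULL != NULL) {
        // Array with the SecIdentityRef first answers the server's CertificateRequest.
        ssl[(__bridge id)kCFStreamSSLCertificates] = @[ (__bridge id)identityOrNULL ];
    }
    CFReadStreamSetProperty(stream, kCFStreamPropertySSLSettings, (__bridge CFDictionaryRef)ssl);
}

// Evaluate the server chain once the handshake has produced a peer trust object.
// Returns YES for a chain that anchors to a system root (cases A and C) or that
// the delegate explicitly accepts (cases B and D); NO otherwise.
static BOOL evaluatePeerTrust(CFReadStreamRef stream,
                              NSString *host,
                              id<ServerTrustDelegate> delegate)
{
    SecTrustRef trust = (SecTrustRef)CFReadStreamCopyProperty(stream, kCFStreamPropertySSLPeerTrust);
    if (trust == NULL) {
        return NO; // no TLS chain available: do not talk to this peer
    }

    // Evaluate against an SSL server policy for the host we intended to reach,
    // so a valid certificate for some other name is still rejected.
    SecPolicyRef policy = SecPolicyCreateSSL(true, (__bridge CFStringRef)host);
    SecTrustSetPolicies(trust, policy);

    SecTrustResultType result = kSecTrustResultInvalid;
    OSStatus status = SecTrustEvaluate(trust, &result);

    BOOL trusted = NO;
    if (status == errSecSuccess &&
        (result == kSecTrustResultUnspecified || result == kSecTrustResultProceed)) {
        trusted = YES; // chains to a trusted root: nothing to ask
    } else if (status == errSecSuccess && result == kSecTrustResultRecoverableTrustFailure) {
        // Self-signed or unknown issuer: let the delegate decide, as a browser would.
        trusted = [delegate shouldTrustServer:trust forHost:host];
    }
    // Any other result (fatal failure, evaluation error) stays untrusted.

    CFRelease(policy);
    CFRelease(trust);
    return trusted;
}
```

Two caveats a practitioner would want here. First, with automatic validation off the handshake completes before you get to evaluatePeerTrust, so call it from the stream's kCFStreamEventOpenCompleted handling and close the stream on NO before any request bytes are written; with CFReadStreamCreateForHTTPRequest the request headers go out as soon as the stream opens, which is the window this configuration has to be careful about. Second, this only distinguishes the server-side cases (trusted vs. self-signed chain); nothing in the settings dictionary reports whether the server sent a CertificateRequest, so detecting cases C and D without an identity still depends on the handshake error CFStream returns.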