0

I have an app that communicate with a dedicated server, i want to implement a https communication... I'm using sthttprequest wrapper for all my requests, that an example request:

 __block STHTTPRequest *up = [STHTTPRequest requestWithURLString:@"http://www.server.com/page.php"];

up.POSTDictionary = @{@"pass":@"xxxx","user":@"username"};

up.completionBlock = ^(NSDictionary *headers, NSString *body) {


};

up.errorBlock = ^(NSError *error) {



};

[up startAsynchronous];

For the server i'll buy a ssl certificate, but how i can implement the https for my client ios app? I'm trying to create the best solution to secure data, so i will not use a self-signed certificate... I have read the vulnerability about "man in the middle" attack.

user31929
  • 1,115
  • 20
  • 43
  • You don't have to do anything special with STHTTPRequest. The class will gracefully handle HTTPS. Also, in your example, it is not necessary to declare the up variable as __block, since it's not modified in a code block. – nst Jul 08 '15 at 09:40
  • Thanks and sorry but i'm new to https with ios... There is something more to do to manage authentication challenge in a request? There is the need to manage a cert.der in my bundle and in my request? Or i can simply add the https:// to my STHTTPRequest *up to made a total encrypted request? (naturally with a server correctly configured) – user31929 Jul 08 '15 at 12:55
  • There is nothing to do from the STHTTPRequest user's point of view, except having the SSL certificate trusted by a valid CA. Now if you want to check that you are actually talking with your server and not with another server with another SSL certificate also trusted by a valid CA, then you need to do certificate pinning, which is not supported by STHTTPRequest, but could probably be added with little effort. – nst Jul 08 '15 at 13:52

0 Answers0