iOS https / Host dont't has SSL certificate

Question

I ran into a problem and needs help. I send a request to the server via HTTPS but server don't has SSL certificate. How I can bypass check SSL certificate in iOS?

My Code:

let loginString = String(format: "Login:Pass")
let loginData = loginString.data(using: String.Encoding.utf8)!
let base64LoginString = loginData.base64EncodedString()

let headers = [
    "content-type": "application/xml",
    "authorization": "Basic \(base64LoginString)"
]

let postData = NSData(data: "BODY".data(using: String.Encoding.utf8)!)

let request = NSMutableURLRequest(url: URL(string: "IP")!, cachePolicy: .useProtocolCachePolicy, timeoutInterval: 10.0)

request.httpMethod = "POST"
request.allHTTPHeaderFields = headers
request.httpBody = postData as Data

var session = URLSession.shared
session = URLSession(configuration: URLSessionConfiguration.default, delegate: self as? URLSessionDelegate, delegateQueue: nil)
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in

    if (error != nil) {
        print(error.debugDescription)
    } else {
        let responseData = String(data: data!, encoding: String.Encoding.utf8)!
        print(responseData)
    }
})

dataTask.resume()

My Error:

The certificate for this server is invalid. You might be connecting to a server that is pretending to be “IP” which could put your confidential information at risk.

Help me pls.

If this is your server, get it an SSL certificate. Let's Encrypt makes this free and quite easy. — ceejayoz, Jul 05 '17 at 19:25
OK, then the answer below by Fangming Ning should do the trick. — ceejayoz, Jul 05 '17 at 22:41

score 1 · Accepted Answer · answered Jul 05 '17 at 19:23

1

You need to allow Allow Arbitrary Loads. In your info.plist file, add this following entry

answered Jul 05 '17 at 19:23

Fangming

24,551
6
100
90

This is legit if you're making something like a browser, but if you're doing this to workaround the lack of SSL on a server *under your control* (i.e. your app's own API) it [may get your app rejected](http://blog.safedk.com/technology/ios-ats-apple-store-policy-rejected/). "Starting January 1st 2017, using this flag will cause thorough App Store review and the app developers will have to explain why they need to use this exception in the first place." – ceejayoz Jul 05 '17 at 19:31
Did not help... The problem is the same. ceejayoz, its not browser. Thanks you for info. – Rorian Jul 05 '17 at 22:59
@Rorian What URL are you trying to connect to? Is that http or https? – Fangming Jul 05 '17 at 23:43
@FangmingNing I trying to connect to https. – Rorian Jul 06 '17 at 08:42
@Rorian can you tell me the URL please so that I can further help you on this? – Fangming Jul 06 '17 at 08:49
@FangmingNing This is extremely insecure and unsafe. You just allow it to all servers, you don't even exclude the url. Please don't use this in a production application. Have a look here: https://stackoverflow.com/questions/30731785/how-do-i-load-an-http-url-with-app-transport-security-enabled-in-ios-9/30732693#30732693 – j3141592653589793238 Feb 03 '18 at 15:50

iOS https / Host dont't has SSL certificate

1 Answers1