I'm working on a cordova hybrid application (essentially a web app) that should run the same way on iOS and Android. The app can connect to multiple different servers owned by the user, and thus I have no control over the security/SSL/certificates on those servers. As a user might want to use self-signed certificates on a server for testing purposes, the app should be able to show a warning and ask the user for permission to connect to the "insecure" server whenever SSL handshake fails.
On Android, I've managed to do that by adding some code around onReceivedSslError on the webViewClient, and showing a warning/confirmation dialog whenever that happens. However, I'm having a struggle on iOS, partly because I'm not that familiar with the platform.
Resources on the net suggest to override the following method:
+ (BOOL)allowsAnyHTTPSCertificateForHost:(NSString *)host
and return true. However, what I really want to do is show a dialog to the user whenever an SSL error is encountered and let the user decide whether they want to proceed or not. I've tried to add some code that displays a dialog inside allowsAnyHTTPSCertificateForHost but that resulted in the following issues:
- Not aware of the lifecycle of the connection thus I don't know whether that method is called on SSL errors only, or always when dealing with secure connections.
- The code wouldn't run due to not executing on the right thread
- Added a dispatch_async call so that it runs on the main UI thread solved that issue, but now the warning comes too late (i.e. connection has already failed)
- Added a dispatch_sync instead to fix the above issue, and now the application simply freezes
By the way, I've enabled arbitrary loads (media/web content) in the config.xml of cordova.
Any suggestions/directions how to resolve this or code examples would be more than welcome as I've stumbled on this for quite some time.
