Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ASIHTTPRequest client certificate failed #408

Open
vietnguyen09 opened this issue Sep 6, 2016 · 0 comments
Open

ASIHTTPRequest client certificate failed #408

vietnguyen09 opened this issue Sep 6, 2016 · 0 comments

Comments

@vietnguyen09
Copy link

I have a web server running Nginx with self-signed certificate installed wich is required client certificate who want to access, but when I use ASIHTTPRequest with my client certificate p12 file to request to this server it always fail with message:
@"NSLocalizedDescription" : @"A connection failure occurred: SSL problem (Possible causes may include a bad/expired/self-signed certificate, clock set to wrong date)"

I'm pretty sure, my client certificate is valid.

Here is my Objective-C code.

+ (NSString *)getRequest:(NSString *)urlString
{
    NSURL *url = [NSURL URLWithString:urlString];

    SecIdentityRef identity = NULL;
    SecTrustRef trust = NULL;
    NSData *PKCS12Data = [NSData dataWithContentsOfFile:[[NSBundle mainBundle] pathForResource:@"clientcert" ofType:@"p12"]];
    [Mics extractIdentity:&identity andTrust:&trust fromPKCS12Data:PKCS12Data];

    ASIHTTPRequest *request = [ASIHTTPRequest requestWithURL:url];
    [request setClientCertificateIdentity:identity];
    [request setValidatesSecureCertificate:NO];
    [request startSynchronous];

    NSError *error = [request error];
    if (!error) {
        return [request responseString];
    }

    return HTMLError;
}

+ (BOOL)extractIdentity:(SecIdentityRef *)outIdentity andTrust:(SecTrustRef*)outTrust fromPKCS12Data:(NSData *)inPKCS12Data
{
    OSStatus securityError = errSecSuccess;

    NSDictionary *optionsDictionary = [NSDictionary dictionaryWithObject:@"PasswordOfP12File" forKey:(id)kSecImportExportPassphrase];

    CFArrayRef items = CFArrayCreate(NULL, 0, 0, NULL);
    securityError = SecPKCS12Import((CFDataRef)inPKCS12Data,(CFDictionaryRef)optionsDictionary,&items);

    if (securityError == 0) {
        CFDictionaryRef myIdentityAndTrust = CFArrayGetValueAtIndex (items, 0);
        const void *tempIdentity = NULL;
        tempIdentity = CFDictionaryGetValue (myIdentityAndTrust, kSecImportItemIdentity);
        *outIdentity = (SecIdentityRef)tempIdentity;
        const void *tempTrust = NULL;
        tempTrust = CFDictionaryGetValue (myIdentityAndTrust, kSecImportItemTrust);
        *outTrust = (SecTrustRef)tempTrust;
    } else {
        NSLog(@"Failed with error code %d",(int)securityError);
        return NO;
    }
    return YES;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@vietnguyen09