Closed trondat closed 4 years ago
Any suggestions for a workaround for self-signed certificate handling on iOS?
The workaround so far was to export the internal root CA as a pem file , and email it to my iPhone ,install it and trust it (medium.com/collaborne-engineering/…). This is only good for development, it´s not practical for production.
I was thinking about creating a custom HttpClientEngine implementation that is basically a copy of the existing one and adding the challenge logic to the delegate.
Not sure if it's going to work through.
On Wed, Feb 26, 2020, 9:06 AM trondat notifications@github.com wrote:
The workaround so far was to export the internal root CA as a pem file , and email it to my iPhone ,install it and trust it ( medium.com/collaborne-engineering/…). This is only good for development, it´s not practical for production.
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/ktorio/ktor/issues/1671?email_source=notifications&email_token=AIOOVDCQLILAD23Z4AWS33TREYIGXA5CNFSM4K2HWWTKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEM7B2EQ#issuecomment-591273234, or unsubscribe https://github.com/notifications/unsubscribe-auth/AIOOVDGI47XNC2ULKEPGYDLREYIGXANCNFSM4K2HWWTA .
Hi @trondat, the custom certificates can be handled with handleChallenge
in IosClientEngineConfig
in 1.3.2
Using Ktor client version 1.3.1 on iOS 13.3
In iOS using Kotlin multiplaform , Ktor does not seem to respect the setting in info.plist regarding NSAppTransportSecurity. This results in Ktor throwing exception when trying to reach SSL site with selfsigned certificate.
To Reproduce Client code :
info.plist file
With a call to performHttp("https://www.mydomain.com") results in :
Expected behavior With the settings in the info.plist file the Ktor client should ignore the non trusted SSL cert.