Tim Ekl
Dr. Mantis Toboggan
@timothyekl @rosyna the service is running tls for a reason; selfsigned certs do authentication & encryption just as well as one from a CA
Wrote my yearly blog post, and it’s a doozy: Shipping an App with App Transport Security http://timekl.com/blog/2015/08/21/shipping-an-app-with-app-transport-security/ …
-
-
-
@bizzyunderscore@rosyna unfortunately, adding them to the trust store doesn't get around that particular requirement. -
@timothyekl@rosyna the case of a server using selfsigned certs requires exception handling regardless, why not add the cert instead? -
@bizzyunderscore@rosyna it’s certainly an option! I may follow up this line of thought with some sample apps & another post soon. - View other replies
-
@timothyekl@rosyna so no trying to be a pedant here but just suggest exploring options for resolution that keep the user safer -
@bizzyunderscore@rosyna I totally agree! I’m pretty leery of the general exception too, so I’ll do more research. Thanks for discussing!
-
-
-
Thanks to
@MartinJNash for proofreading this one. I didn’t warn him ahead of time how long it was. -
@timothyekl I learned so much, I wasn't really able to proof it. -
@MartinJNash It’s OK –@arclite has you covered.
-
-
-
@timothyekl Yes, dropping down to CFStreamCreatePairWithSocketToHost() will let you circumvent ATS. You have to do the HTTP yourself, though - View other replies
-
@al45tair can you elaborate? I wrote a few sample apps and couldn't seem to get it going.
-
-
@timothyekl@rosyna could I humbly recommend adding self signed certs to the trust store instead of disabling validation? Much less risky. -
@timothyekl Instapapered for 14h flight back to Seattle.
Martin Nash
Alastair Houghton
Kim Ahlberg
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.