26
votes

How to implement an https connection with SSL and ASIHTTPRequest? Are there some special steps to do? Can it be that this has nothing to do with ASIHTTPRequest? It has to do only with the server side, I think. Can someone post a link or describe the process of how an https connection can be established?

This is what I found out so far:

I read somewhere that you need a "real" SSL certificate and not a self-signed one. Also, not all providers of SSL certificates are supported, I think (read this).

You also have to run through the U.S. Government requirement for a CCATS review and approval. (see here).

2 Answers

35
votes

So you've got a few questions here:

  1. To do SSL with ASIHTTPRequest, you just need to pass an https URL instead of an http one.

  2. You don't need a real SSL certificate; you can disable validation using: [request setValidatesSecureCertificate:NO];. Disabling certificate validation does mean you lose some of the protection that SSL provides, making you vulnerable to man-in-the-middle attacks etc.

  3. Yes, you're limited by what certificate signing authorities are supported by the iPhone. So long as you stick to the big names it shouldn't really be an issue. (And as per 2. you can use a self-signed certificate anyway.)

  4. It seems CCATS is not necessary anymore; you need an ERN instead - the process has changed, as of Summer 2010! See http://tigelane.blogspot.com/2011/01/apple-itunes-export-restrictions-on.html. There are also extra restrictions if you want to distribute on the French app store, see Using SSL in an iPhone App - Export Compliance.
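
The trade-off in points 1 and 2 above, as an added example (not code from the answer or from the ASIHTTPRequest project): the request is only built for https URLs, validation stays on, and the self-signed exception is limited to debug builds and one development host. The helper names, the host `dev.example.test`, the error domain and the `DEBUG` build macro are assumptions made for illustration.

```objective-c
#import <Foundation/Foundation.h>
#import "ASIHTTPRequest.h"

// Hypothetical development host that presents a self-signed certificate.
static NSString * const kDevHost = @"dev.example.test";

// Hypothetical helper: builds an ASIHTTPRequest that only ever speaks https.
static ASIHTTPRequest *MakeSecureRequest(NSURL *url) {
    // Refuse plain http so a mistyped URL cannot silently drop SSL.
    if (![[[url scheme] lowercaseString] isEqualToString:@"https"]) {
        return nil;
    }
    ASIHTTPRequest *request = [ASIHTTPRequest requestWithURL:url];

    // Keep certificate validation on; stated explicitly so the intent is visible.
    [request setValidatesSecureCertificate:YES];

#if DEBUG
    // Assumes DEBUG is defined only for debug builds. The self-signed
    // certificate is accepted for the single development host and nowhere else.
    if ([[[url host] lowercaseString] isEqualToString:kDevHost]) {
        [request setValidatesSecureCertificate:NO];
    }
#endif
    return request;
}

// Hypothetical caller: synchronous fetch that returns nil on any failure.
static NSString *FetchString(NSURL *url, NSError **outError) {
    ASIHTTPRequest *request = MakeSecureRequest(url);
    if (request == nil) {
        if (outError) {
            NSDictionary *info = [NSDictionary dictionaryWithObject:@"URL is not https"
                                                             forKey:NSLocalizedDescriptionKey];
            *outError = [NSError errorWithDomain:@"ExampleErrorDomain" code:1 userInfo:info];
        }
        return nil;
    }
    [request startSynchronous];
    NSError *error = [request error];
    if (error) { // a certificate that fails validation surfaces here
        if (outError) *outError = error;
        return nil;
    }
    return [request responseString];
}
```

With this shape a release build never reaches the `setValidatesSecureCertificate:NO` line, so a certificate that does not validate produces an error instead of a silently unauthenticated connection.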

0
votes

Regarding ERN or CCATS, the short answer is that an ERN is probably needed, but there are some exemptions your app may qualify for so that an ERN is not needed (e.g., only using https for authentication or "your app is specially designed and limited for banking use or 'money transactions'").

Apple provides clarification as to what's needed in their "World Wide Trade Compliance for the App Store" FAQ in iTunes Connect.