Untrustworthy SSL certificate

jigs.patelit · October 14, 2016, 8:11pm

I am new to Couchbase.
I have written code in swift 2.3 and it did work great with http://localhost but when i try same code with https://host it fail in Puller Replication Error with error “Untrustworthy SSL certificate”.
I can understand that iOS app is not able to trust server, but what should i change so that it trust all certi ?

ERROR:

2016-10-15 01:38:23.732 CouchBaseSwift[1706:78390] puller: Replication Error: Error Domain=NSURLErrorDomain Code=-1202 “Untrustworthy SSL certificate” UserInfo={NSLocalizedDescription=Untrustworthy SSL certificate, NSErrorFailingURLKey=https://lab.automint.in:4984/automint/_changes?feed=normal&heartbeat=300000&style=all_docs}

jens · October 14, 2016, 11:32pm

Get a copy of the X.509 certificate the server is using, and add it to the app as a resource file. At runtime load that file and set the pinnedCert replicator property to the contents of the certificate.

jigs.patelit · October 16, 2016, 7:06pm

I got this error

“SSL cert for lab.automint.in (lab.automint.in is a localhost) does not equal pinnedCert {at certMatchesPinned:141}”

How can i check what certi, App received from server ?

Is there anyway so that i can trust all certi ?

Thanks for your help.

Jignesh

jens · October 17, 2016, 4:38pm

Make sure you’re using the binary (DER) form of the cert, not the ASCII (PEM) one.

Is there anyway so that i can trust all certi ?

No, that would go against the whole reason for using SSL.

jigs.patelit · October 17, 2016, 7:48pm

I was asking for testing purpose as i was using localhost as server.

I am able to do it using “setAnchorCerts”

   var certs = NSMutableArray()
   let resourcePath = NSBundle.mainBundle().pathForResource("cert", ofType: "cer")
        if resourcePath != nil {
            if let certData = NSData(contentsOfFile: resourcePath!) { 
                let dataPtr = CFDataCreate(kCFAllocatorDefault, UnsafePointer<UInt8>(certData.bytes), certData.length)
                let certRef = SecCertificateCreateWithData(nil, dataPtr)
                if certRef != nil {
                    certs.addObject(certRef!)
                    CBLReplication.setAnchorCerts(certs as [AnyObject], onlyThese: false)
                }
            }
        }