network.request() with HTTPS and self-signed certificates

Hi,

we want to connect to an HTTPS server with a self-signed certificate. In pure Android, I’d write a TrustManager to verify the authenticity of the certificate and accept the connection even though it is not signed by a system-wide trusted CA.

Is there a way in Corona to feed additionally trusted certificates (better CAs) to the SSL layer or to write the Lua equivalent of a TrustManager?

Thanks in advance!

Best regards,
Martin

Would be nice if there were an option for Corona to simply skip certificate validation.

curl has an option for this which allows you to test SSL with self-signed certificates.

Well, is there any way to deal with SSL-enabled sites with “untrusted” certificates?

Extra security protocol is enabled, that’s why you won’t be able to see to get any information regarding the sites.

Website

So, Corona SDK is not suitable in such scenarios?

Just posted this here on a related thread: http://forums.coronalabs.com/topic/39822-ssl-untrusted-certificates/

This would be very useful for me and other people using Amazon (and similar services) as a content delivery network for apps.

The way Amazon’s CloudFront service works is that you load images or content by making an in-app connection to cdn.example.com, which may be a DNS alias for drj6nl5tupx60.cloudfront.net (not an actual AWS hostname). Amazon will generate a cache hit or miss and, if not cached, connect to your example.com servers.

The ideal way to do this is to generate an SSL certificate for the CloudFront distribution, but Amazon charges you $7,200 per year for that privilege: http://aws.amazon.com/cloudfront/pricing/

So if you want to load images from cdn.example.com via SSL without giving Amazon $7,200 a year, there will be an invalid certificate chain error.

This is a clear case where it would be useful for Corona SDK to support bypassing certificate checks for use in real-world production environments. Does anyone have any idea when it will happen?

I just faced the problem of untrusted SSL certificates myself when trying to make a network request to my server, and was receiving an event.isError = true with status = -1 on the networkListener.

So, I bought an SSL from a CA and now everything is running fine.

I found it strange that AWS charges you that amount for using SSL and went to check it out. Actually, they only charge you if you want to use an IP-based SSL. If you use the SNI Custom SSL, it is free.

Since the only difference would be that older browsers don’t support SNI, you would be fine to use it with Corona.

SNI Custom SSL
Server Name Indication (SNI) Custom SSL relies on the SNI extension of the Transport Layer Security protocol, which allows multiple domains to serve SSL traffic over the same IP address. Amazon CloudFront delivers your content from each edge location and offers the same security as the Dedicated IP Custom SSL feature (see below).

When you use SNI Custom SSL, some users may not be able to access your content because some older browsers do not support SNI and will not be able to establish a connection with CloudFront to load the HTTPS version of your content. For more information on SNI, including a list of supported browsers, please visit our FAQ page.

There is no separate pricing for this feature. You can use SNI Custom SSL with no upfront or monthly fees for certificate management; you simply pay normal Amazon CloudFront rates for data transfer and HTTPS requests.

Set up is easy: simply follow the instructions outlined in the CloudFront Developer Guide and start serving your content quickly and securely.

http://aws.amazon.com/cloudfront/custom-ssl-domains

Anyway, buying a certificate is not an option, because in my application the client may specify his own HTTPS URL with a self-signed certificate…
