ssl error iPadOS 18.4 for self-signed certificate

Question

Created Apr ’25

Replies 1

Boosts 0

Participants 1

Our app is an enterprise app via MDM. We are experiencing an issue in iPadOS 18.4 when loading an internal HTTPS server via WKWebView in a hybrid iOS app.

Our server uses a self-signed certificate but lacks the digitalSignature usage in its Key Usage extension. (Currently we have no chance to change the server's certificate)

We override webView:didReceiveAuthenticationChallenge:completionHandler: to trust the certificate:

              completionHandler(NSURLSessionAuthChallengeUseCredential, credential);

This "completionHandler" works in previous 18.3.2 , but not work in 18.4. May I know is there any changes in 18.4 for the https certification? Why this delegate not work? What we can do to ignore this ssl error and get connection?

Thanks in advance, look forward for your reply.

Boost

Answer 1

lyc_ OP

Apr ’25

Following codes is used to trust the certificate, which not work in iPadOS 18.4:

NSURLCredential *credential = [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust];
completionHandler(NSURLSessionAuthChallengeUseCredential, credential);

Here is the complete code for didReceiveAuthenticationChallenge:

- (void)webView:(WKWebView *)webView didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition disposition, NSURLCredential *credential))completionHandler {
   if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
        if ([challenge previousFailureCount] == 0) {
            SecTrustRef serverTrust = challenge.protectionSpace.serverTrust;
            CFErrorRef error;
            BOOL isCertificateValid = SecTrustEvaluateWithError(serverTrust, &error);

            CDVViewController* vc = (CDVViewController*)self.viewController;

            if(isCertificateValid) {
                NSURLCredential *credential = [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust];
                completionHandler(NSURLSessionAuthChallengeUseCredential, credential);
            } else {
                    NSLog(@"ScanAndGo app certificate error: %@", error);

                    CFDictionaryRef trustResultDict = SecTrustCopyResult(serverTrust);
                    BOOL keyUsageFailure = NO;
                    BOOL otherFailure = NO;
                    ///...
                    ///... There are some codes that check if the error is Key Usage error.

                    // If it is key usage error, ignore.
                    if(keyUsageFailure == YES && otherFailure == NO) {
                        NSURLCredential *credential = [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust];
                        completionHandler(NSURLSessionAuthChallengeUseCredential, credential);
                    } else {
                        completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, nil);
                    }
            }
        } else {
            completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, nil);
        }
    } else {
        completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, nil);
    }
}

0