For treating the Self Signed certificate as valid in iOS App, I added some code to provide trust exceptions, So that mobile client will always trust the server.
BOOL isValid = NO;
SecTrustResultType result;
__Require_noErr_Quiet(SecTrustEvaluate(serverTrust, &result), _out);
if (result == kSecTrustResultRecoverableTrustFailure) {
CFDataRef errDataRef = SecTrustCopyExceptions(serverTrust);
SecTrustSetExceptions(serverTrust, errDataRef);
__Require_noErr_Quiet(SecTrustEvaluate(serverTrust, &result), _out);
}
_out:
return isValid;
1. Will apple encourage this kind of methodology?
2. Will iTunes publish my app, if I uses this code to force the client for trusting the sever?
If this is not the right way, can you please provide any alternate solution(iOS front) to support self signed certificate.