Allow Ti.UI.Webview to Accept Self-Signed Certs in iOS

In iPhone with Titanium, the webView (Ti.UI.WebView) will only allow content from sites with trusted, verified certificates. A simple modification to the iOS code in the SDK tells the webView to accept all pages regardless of certificate. Refer to instructions on Building the Titanium SDK for steps to modify the SDK.

This solution comes from an answer in the Titanium Mobile QA site: http://developer.appcelerator.com/question/120117/webview-ssl-certificate-error---no-way-to-accept-expired-server-certificate---ipad-app#answer-213681

Steps to modify SDK (either Titanium Mobile SDK source or an already build Titanium Mobile SDK):

Open <sdk>/iphone/Classes/TiUIWebView.m (/Library/Application Support/Titanium/mobilesdk/osx/<sdk-version>/iphone/Classes/TiUIWebView.m)

Above @implementation TiUIWebView add:

@interface NSURLRequest (DummyInterface)
 
+ (BOOL)allowsAnyHTTPSCertificateForHost:(NSString*)host;
 
+ (void)setAllowsAnyHTTPSCertificate:(BOOL)allow forHost:(NSString*)host;
 
@end

Then look for this method -(void)setUrl_:(id)args and modify code to match this:

    if ([self isURLRemote])
    {
 
        NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:url];
 
        // Use the private method setAllowsAnyHTTPSCertificate:forHost:
        // to not validate the HTTPS certificate.
        [NSURLRequest setAllowsAnyHTTPSCertificate:YES forHost:[url host]];
 
        [self loadURLRequest:request];
        if (scalingOverride==NO)
        {
            [[self webview] setScalesPageToFit:YES];
        }
    }

Rebuild your app (after deleting <project-root>/build/iphone) and you should be able to open all https:// pages in the webview.

Note that this is only necessary for webviews because Ti.Network.HTTPClient has a bool property of validatesSecureCertificate which allows the developer to specify whether or not to allow invalid certs for http requests.