You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@chemistry.apache.org by pw...@apache.org on 2013/05/17 13:38:43 UTC

svn commit: r1483747 - /chemistry/objectivecmis/trunk/ObjectiveCMIS/Utils/CMISHttpRequest.m

Author: pweschmidt
Date: Fri May 17 11:38:43 2013
New Revision: 1483747

URL: http://svn.apache.org/r1483747
Log:
we can actually use [url host] instead of [url absoluteString] when verifying the host name

Modified:
    chemistry/objectivecmis/trunk/ObjectiveCMIS/Utils/CMISHttpRequest.m

Modified: chemistry/objectivecmis/trunk/ObjectiveCMIS/Utils/CMISHttpRequest.m
URL: http://svn.apache.org/viewvc/chemistry/objectivecmis/trunk/ObjectiveCMIS/Utils/CMISHttpRequest.m?rev=1483747&r1=1483746&r2=1483747&view=diff
==============================================================================
--- chemistry/objectivecmis/trunk/ObjectiveCMIS/Utils/CMISHttpRequest.m (original)
+++ chemistry/objectivecmis/trunk/ObjectiveCMIS/Utils/CMISHttpRequest.m Fri May 17 11:38:43 2013
@@ -132,7 +132,7 @@ NSString * const kCMISExceptionVersionin
  */
 - (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace
 {
-    BOOL isTrusted = (self.trustedSSLServer && [[self.requestURL absoluteString] hasSuffix:protectionSpace.host]);
+    BOOL isTrusted = (self.trustedSSLServer && [[self.requestURL host] isEqualToString:protectionSpace.host]);
     if ([protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust] && !isTrusted)
     {
             return NO;
@@ -156,7 +156,7 @@ NSString * const kCMISExceptionVersionin
  */
 - (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
 {
-    BOOL isTrusted = (self.trustedSSLServer && [[self.requestURL absoluteString] hasSuffix:challenge.protectionSpace.host]);
+    BOOL isTrusted = (self.trustedSSLServer && [[self.requestURL host] isEqualToString:challenge.protectionSpace.host]);
     if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust] && !isTrusted)
     {
         [challenge.sender cancelAuthenticationChallenge:challenge];