An iPhone application (NOT to be considered best practice) to allow a user to download a .p12 "SSL Client Identity" and verify that the iPhone is able to access a protected resource using the identity.
NOTES
1: The iPhone seems to cache the identity even when the code says not to, so trying to access a resource with "Client Cert Off" after it has accessed the server with "Client Cert On" works, despite expectations.
2: The p12 "identity file" is a specific file type, which contains both the X.509 private key and public certificate; this file can be generated in a number of ways. A good reference is http://www.dartmouth.edu/~pkilab/pages/Move_Keypair.html which points out that a .p12 file is equivalent to a Windows .pfx file, and is most frequently used by Firefox/Netscape. You can create .p12 files in a number of ways, one of which is shown at http://www.commandlinefu.com/commands/view/1495/create-a-p12-file-using-openssl. I also have some scripts which use OpenSSL to generate "CA Environments", which I may make available in the future, but it's all pretty straightforward and I learned most of it from http://www.sslshopper.com/article-most-common-openssl-commands.html
| Goal: | Test bed while trying to get access to a client-certificate protected HTTPS resource, and verify that known good certs work, and known bad certs do not. |
|---|---|
| Description: | An iPhone application to allow the user to download a resource from an HTTPS web site, testing when identities/certificates work and do not work. Note that if your web server uses a self-signed CA (or more generally, one which is not native to the iPhone), you need to install the CA onto the device. (This can be done via emailing the cert, an iPhone Configuration Utility profile, or by navigating to the cert in MobileSafari.) Note that you will need your own Apple Developer account, and to configure the Application Bundle ID to match your App ID in the Info.plist file, before you can install it onto a device. Also note that Keychain activities don't work quite right in the simulator, so neither will this app. (It uses keychain-type methods to extract info from the .p12 file.) |
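
The goal above needs a known-good and a known-bad identity, and note 2 mentions building .p12 files with OpenSSL. The following is an added example, not part of SSLTest or the author's scripts: it generates both fixtures and checks which CA each one chains to. It assumes the `openssl` command-line tool with its default configuration; the names `server-ca`, `rogue-ca`, `good-client`, `bad-client` and the password are constructed.

```shell
#!/bin/sh
# Added example: throwaway lab fixtures. All names and the password are constructed.
set -eu
P12_PASS="lab-only-password"   # constructed; never reuse outside a test bed

# make_ca DIR NAME: self-signed CA key and certificate (NAME.key, NAME.crt)
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# make_identity DIR CA NAME: client key + cert signed by CA, bundled as NAME.p12
make_identity() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null
  printf 'extendedKeyUsage=clientAuth\n' > "$1/$3.ext"
  openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
    -CAcreateserial -days 30 -extfile "$1/$3.ext" -out "$1/$3.crt" 2>/dev/null
  openssl pkcs12 -export -inkey "$1/$3.key" -in "$1/$3.crt" -name "$3" \
    -passout "pass:$P12_PASS" -out "$1/$3.p12"
}

# p12_chains_to DIR NAME CA: succeeds only if the certificate stored in
# NAME.p12 verifies against CA.crt (a chain check only, no TLS handshake)
p12_chains_to() {
  openssl pkcs12 -in "$1/$2.p12" -passin "pass:$P12_PASS" -nokeys -clcerts \
    2>/dev/null | openssl x509 -out "$1/$2.from-p12.crt" 2>/dev/null
  openssl verify -CAfile "$1/$3.crt" "$1/$2.from-p12.crt" >/dev/null 2>&1
}

# build_fixtures DIR: one identity the server CA issued, one it did not
build_fixtures() {
  make_ca "$1" server-ca
  make_ca "$1" rogue-ca
  make_identity "$1" server-ca good-client
  make_identity "$1" rogue-ca bad-client
}

# Usage (after sourcing this file):
#   d=$(mktemp -d) && build_fixtures "$d"
#   p12_chains_to "$d" good-client server-ca && echo "good identity accepted"
#   p12_chains_to "$d" bad-client server-ca || echo "bad identity rejected"
```

Configure the test web server to trust only `server-ca.crt` for client authentication; `good-client.p12` should then be accepted and `bad-client.p12` refused.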
Version 1.0 Zip (Xcode Project, Source): SSLTest.zip
Thanks to Robert Gadbois for pointing out a bug & providing feedback!
Volunteers should contact Alan Danziger.
Also extremely useful is feedback to this project idea, and to the details included within.