[AC-6481] Able to access https via Self Signed Certificate using Ti.Network.createHTTPClient

GitHub Issue	n/a
Type	Bug
Priority	n/a
Status	Closed
Resolution	Invalid
Resolution Date	2020-02-05T08:07:05.000+0000
Affected Version/s	Appcelerator Studio 4.3.0
Fix Version/s	n/a
Components	Appcelerator CLI
Labels	n/a
Reporter	shishir.roy
Assignee	Rene Pot
Created	2020-02-04T09:44:21.000+0000
Updated	2020-02-05T08:07:05.000+0000

Description

Hi, I am able to access https via Self Signed Certificate using Ti.Network.createHTTPClient. Find below code:

		       var client = Ti.Network.createHTTPClient({
				onload: function(e)
				{
					
				},
				
				onerror: function(e)
				{
					
				}
				timeout: 60000
			});
			
			var tokenFormData = {object: "object"};
			
			client.open("POST", url);
			client.setRequestHeader("Content-Type","application/x-www-form-urlencoded");
			
			client.send(tokenFormData);

As per the documentation, Self-signed should not able to use "https" and it should "Certificate for this server is invalid" But I am able to use a Self Signed Certificate in Android. Android OS: 9 SDK: 8.2.1.GA Please suggest

Comments

Rene Pot 2020-02-04

Probably due to testing/dev mode, where validation is not done properly (as expected). Can you enable the property and try again? https://docs.appcelerator.com/platform/latest/#!/api/Titanium.Network.HTTPClient-property-validatesSecureCertificate
shishir.roy 2020-02-05

Now, I am able to use this property and its is working as expected. But this is the usual way to use this property every time.Can you please confirm.
Rene Pot 2020-02-05

This is expected behavior, yes. But you don't need to set the property as for production builds that property is set by default, as also explained in the documentation. I'll close the ticket if you have any further questions regarding using the SDK feel free to ask the community as well, you might get responses even faster. You can find the community on https://tislack.org

JSON Source