Self-signed certificates and http on Android

There are few ways to enable connection to servers with untrusted certificates (that is blocked by default):

  1. Apply in your project code: FCurlHttpManager::CurlRequestOptions.bVerifyPeer = false;
  2. In the Project Settings dialog, look in the Engine - Network section for Libcurl Verify Peer checkbox. Try turning it off and see if it works.

Non-trusted connections (http) on iOS

Thanks to Joe Conley with this how-to.

It’s not the easiest to use interface, but in the Project Settings’ iOS section, there is a section for “Additonal Plist Data”, and one of the things you can add there are “NSExceptionDomains” which allow you to specify which sites you want to allow insecure (non-Https) connections to on iOS. You have to add it in the XML plist format, and the editing experience is not great, but it’s possible.

https://i.gyazo.com/551329d49b15626166ae14457256c390.png

I think probably that field should at least have a multi-line text entry box to make it a less difficult experience, but at least it should be possible. In total, it should look like this:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
		<dict>
			<key>test.com</key>
			<dict>
				<key>NSExceptionAllowsInsecureHTTPLoads</key>
					<true/>
				<key>NSIncludesSubdomains</key>
					<true/>
			</dict>    
		</dict>
</dict>\\n

Another way is described by @saccomat at issue #63:

I had to put this string in the “additional plist data” inside projects settings / ios/ to let it work NSAppTransportSecurityNSAllowsArbitraryLoads