Again, some things from Apple could be done easier…here is the story.
Problem: Your iPhone app needs to talk to a web app which responds only over SSL (so you have to use https url scheme). In testing, you do not want to use the real service, because sometimes it costs you money, and, well, it just does not seem right. Of course you may create a server that responds on http and then use that instead of using secure connection, but it would mean you will have change your app just before releasing it. The same would happen if you follow some of the answers posted to this StackOverflow question where many advise disabling certificate verification programmatically when your app is still in development. All right, maybe you do not release your app after every single build, but still you give it to testers and so on. And while forgetting changing
http back to
https would just make your app rejected, forgetting to turn on certificated verification is opening your app to man-in-the-middle (my favorite) attack. I was searching desperately to some good quick but elegant solution to this problem. Fortunately, on the StackOverflow topic mentioned above I found some very helpful clue.