iOS 和 SSL : Unable to validate self-signed server certificate
<p><p><br/>
我对使用 SSLchannel 使用 Web 服务还很陌生。经过相当好的搜索,我找到了一种使用 NSURLConnection 委托(delegate) API 执行 SSL/HTTPS 身份验证的方法。以下是执行实际身份验证的代码片段:
<br/></p>
<pre><code>- (void)connection:(NSURLConnection *)connection willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
;
]];
NSLog(@"\n\nserverTrust: %@\n", [ serverTrust]);
/* Extract the server certificate for trust validation
*/
NSURLProtectionSpace *protectionSpace = ;
assert(protectionSpace);
SecTrustRef trust = ;
assert(trust);
CFRetain(trust); // Make sure this thing stays around until we're done with it
NSURLCredential *credential = ;
/* On iOS
* we need to convert it to 'der' certificate. It can be done easily through Terminal as follows:
* $ openssl x509 -in certificate.pem -outform der -out rootcert.der
*/
NSString *path = [ pathForResource:@"rootcert" ofType:@"der"];
assert(path);
NSData *data = ;
assert(data);
/* Set up the array of certificates, we will authenticate against and create credentials */
SecCertificateRef rtCertificate = SecCertificateCreateWithData(NULL, CFBridgingRetain(data));
const void *array = { rtCertificate };
trustedCerts = CFArrayCreate(NULL, array, 1, &kCFTypeArrayCallBacks);
CFRelease(rtCertificate); // for completeness, really does not matter
/* Build up the trust anchor using our root cert */
int err;
SecTrustResultType trustResult = 0;
err = SecTrustSetAnchorCertificates(trust, trustedCerts);
if (err == noErr) {
err = SecTrustEvaluate(trust, &trustResult);
}
CFRelease(trust); // OK, now we're done with it
];
/* http://developer.apple.com/library/mac/#qa/qa1360/_index.html
*/
BOOL trusted = (err == noErr) && ((trustResult == kSecTrustResultProceed) || (trustResult == kSecTrustResultConfirm) || (trustResult == kSecTrustResultUnspecified));
// Return based on whether we decided to trust or not
if (trusted) {
[ useCredential:credential forAuthenticationChallenge:challenge];
;
} else {
;
[ cancelAuthenticationChallenge:challenge];
}
</code></pre>
<p>}</p>
<p>但我收到以下错误:
<br/></p>
<pre><code>2012-06-11 17:10:12.541 SecureLogin Error during connection: Error Domain=NSURLErrorDomain Code=-1012 "The operation couldn’t be completed. (NSURLErrorDomain error -1012.)" UserInfo=0x682c790 {NSErrorFailingURLKey=https://staging.esecure.url/authentication/signin/merchants, NSErrorFailingURLStringKey=https://staging.esecure.url/authentication/signin/merchants}
</code></pre>
<p><br/>
我正在使用从服务器获得的相同证书并将其转换为“der”格式。我正在为 iOS 5.x 构建应用程序。
我不确定我是否错过了什么。让我知道你的建议。</p>
<p>谢谢。</p>
<p><strong>编辑</strong>
在此处检查证书后,输出的外观如何:
<img src="/image/UXbRB.png" alt="Portecle app Examination"/> </p>
<p><br/>
如果有什么问题,请告诉我。</p>
<p>谢谢。</p></p>
<br><hr><h1><strong>Best Answer-推荐答案</ strong></h1><br>
<p><p>我无法判断您的代码是否有效,因为我使用 RestKit 来使用 REST 接口(interface),但是导致 <code>NSURLErrorDomain Code=-1012</code> 的最常见问题是自签名证书没有指向 Web 服务 if 地址的 <code>subject 替代名称</code> 扩展名。</p>
<p>要检查您的证书,请下载 <a href="http://sourceforge.net/projects/portecle/" rel="noreferrer noopener nofollow">Portecle app</a> ,如果您需要查看 ssl 证书,这非常有用。运行它并从菜单中选择检查->检查证书并导航到您的证书。您将看到有关您的证书的基本信息,现在按检查按钮,然后按主题备用名称,并确保您的 Web 服务的正确 IP 地址在那里。如果没有,您需要使用此信息再次创建证书。</p></p>
<p style="font-size: 20px;">关于iOS 和 SSL : Unable to validate self-signed server certificate,我们在Stack Overflow上找到一个类似的问题:
<a href="https://stackoverflow.com/questions/10979922/" rel="noreferrer noopener nofollow" style="color: red;">
https://stackoverflow.com/questions/10979922/
</a>
</p>
页:
[1]