带SSL的iOS NSURLConnection:接受过期的自签名证书
[英]iOS NSURLConnection with SSL: Accepting an expired self-signed certificate
问题描述
I have a shipped app that uses the following code to secure an SSL connection using a self-signed certificate that is shipped with the app. 
我有一个随附的应用程序,该应用程序使用以下代码使用该应用程序随附的自签名证书来保护SSL连接。
- (void) connection:(NSURLConnection *)conn willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
{
NSLog(@"didReceiveAuthenticationChallenge %@ FAILURES=%d", [[challenge protectionSpace] authenticationMethod], (int)[challenge previousFailureCount]);
/* Setup */
NSURLProtectionSpace *protectionSpace = [challenge protectionSpace];
assert(protectionSpace);
SecTrustRef trust = [protectionSpace serverTrust];
assert(trust);
CFRetain(trust); // Make sure this thing stays around until we're done with it
NSURLCredential *credential = [NSURLCredential credentialForTrust:trust];
/* Build up the trust anchor using our root cert */
int err;
SecTrustResultType trustResult = 0;
err = SecTrustSetAnchorCertificates(trust, certs);
if (err == noErr) {
err = SecTrustEvaluate(trust,&trustResult);
}
CFRelease(trust); // OK, now we're done with it
// http://developer.apple.com/library/mac/#qa/qa1360/_index.html
BOOL trusted = (err == noErr) && ((trustResult == kSecTrustResultProceed) || (trustResult == kSecTrustResultConfirm) || (trustResult == kSecTrustResultUnspecified));
// Return based on whether we decided to trust or not
if (trusted) {
[[challenge sender] useCredential:credential forAuthenticationChallenge:challenge];
} else {
NSLog(@"Trust evaluation failed for service root certificate");
[[challenge sender] cancelAuthenticationChallenge:challenge];
}
}
Unfortunately, I made a huge oversight. 不幸的是,我进行了巨大的疏忽。 SSL certificates expire. SSL证书过期。 So when the expiry date passes I'm assuming the app is going to stop working properly! 因此,当到期日期过去时,我假设该应用程序将停止正常运行! There's nothing I can do for the current version of the app - that's going to stop working soon. 对于当前版本的应用程序,我无能为力-它将很快停止工作。
I need to release an update and in order to avoid this in the future I would like to allow the self-signed certificate even if it has expired. 我需要发布一个更新,为了避免将来再次出现此情况,我想允许自签名证书即使已过期。
How do I modify my code above to trust the certificate even if it has expired? 我如何修改上面的代码以信任证书(即使证书已过期)?
1 个解决方案
解决方案1
0 2016-03-30 07:25:55
NSURLSessionConfiguration *sessionConfiguration = [NSURLSessionConfiguration defaultSessionConfiguration];
NSURLSession *session = [NSURLSession sessionWithConfiguration:sessionConfiguration delegate:self delegateQueue:Nil];
...
...
- (void)URLSession:(NSURLSession *)session didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition, NSURLCredential *))completionHandler{
if([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]){
if([challenge.protectionSpace.host isEqualToString:@"mydomain.com"]){
NSURLCredential *credential = [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust];
completionHandler(NSURLSessionAuthChallengeUseCredential,credential);
}
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.