[英]SSL Certificate validation with AFNetworking
I understand the use and necessity of SSL Certificates. 我理解SSL证书的使用和必要性。 I am looking for a detailed explanation of the relationship between http protocol and SSL Certificate and also between https and SSL Certificate. 我正在寻找http协议和SSL证书之间以及https和SSL证书之间关系的详细说明。
In AFNetworking defining _AFNETWORKING_ALLOW_INVALID_SSL_CERTIFICATES_ allows invalid certificates. 在AFNetworking中定义_AFNETWORKING_ALLOW_INVALID_SSL_CERTIFICATES_允许无效证书。 Assuming this flag is not set, the library should deny invalid certificates by default. 假设未设置此标志,则库应默认拒绝无效证书。 But what if the server has no certificate installed at its end? 但是,如果服务器端没有安装证书怎么办? I see that I can access a server with no certificate using http protocol. 我看到我可以使用http协议访问没有证书的服务器。
And does the default certificate validation occur for https protocol only? 是否仅针对https协议进行默认证书验证?
I want to access only those servers with a certificate and which are valid over http and https? 我想只访问那些带有证书且通过http和https有效的服务器? Is this feature required and if so is it possible? 是否需要此功能,如果可以的话?
I think you don't understand what HTTP and HTTPS are about: 我想你不明白HTTP和HTTPS的含义:
It is also possible to verify the authenticity of the server, depending on the SSL certificate used. 根据所使用的SSL证书,还可以验证服务器的真实性。 All browsers (and by default on iOS, unless you explicitely change this in your app) will only accept SSL certificates that have been issued by known certification authorities. 所有浏览器(默认情况下在iOS上,除非您在应用程序中明确更改此选项)将仅接受已知证书颁发机构颁发的SSL证书。 This way you can be sure that the server is indeed located at the hostname you requested. 这样,您可以确保服务器确实位于您请求的主机名。 Depending on the SSL certificate the owner of the server might also be verified (ie that the server indeed belongs to the company it claims to belong to). 根据SSL证书,服务器的所有者也可能被验证(即服务器确实属于它声称属于的公司)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.