使用AFNetworking进行SSL证书验证
[英]SSL Certificate validation with AFNetworking
问题描述
I understand the use and necessity of SSL Certificates. 
我理解SSL证书的使用和必要性。 I am looking for a detailed explanation of the relationship between http protocol and SSL Certificate and also between https and SSL Certificate. 我正在寻找http协议和SSL证书之间以及https和SSL证书之间关系的详细说明。
In AFNetworking defining _AFNETWORKING_ALLOW_INVALID_SSL_CERTIFICATES_ allows invalid certificates. 在AFNetworking中定义_AFNETWORKING_ALLOW_INVALID_SSL_CERTIFICATES_允许无效证书。 Assuming this flag is not set, the library should deny invalid certificates by default. 假设未设置此标志,则库应默认拒绝无效证书。 But what if the server has no certificate installed at its end? 但是,如果服务器端没有安装证书怎么办? I see that I can access a server with no certificate using http protocol. 我看到我可以使用http协议访问没有证书的服务器。
And does the default certificate validation occur for https protocol only? 是否仅针对https协议进行默认证书验证?
I want to access only those servers with a certificate and which are valid over http and https? 我想只访问那些带有证书且通过http和https有效的服务器? Is this feature required and if so is it possible? 是否需要此功能,如果可以的话?
1 个解决方案
解决方案1
2 已采纳 2014-05-09 13:30:15
I think you don't understand what HTTP and HTTPS are about: 我想你不明白HTTP和HTTPS的含义:
- http is the session protocol to communicate with servers without encryption. http是与没有加密的服务器通信的会话协议。 Everything is sent in the clear and there is also no way to verify the authenticity of the server (ie that the server responding is indeed having the correct hostname). 所有内容都以明文形式发送,也无法验证服务器的真实性(即服务器响应确实具有正确的主机名)。 A server doesn't need an SSL certificate in this case. 在这种情况下,服务器不需要SSL证书。
- https is used when you want to ensure that communication with the server is encrypted. 如果要确保与服务器的通信已加密,则使用https。 For this, the server needs an SSL certificate and before anything is sent over the HTTP session, a handshake will take place allowing the client to fetch the SSL certificate of the server in order to encrypt the data that is sent. 为此,服务器需要SSL证书,在通过HTTP会话发送任何内容之前,将发生握手,允许客户端获取服务器的SSL证书以加密发送的数据。 So an SSL certificate is only used for HTTPS connections. 因此,SSL证书仅用于HTTPS连接。
It is also possible to verify the authenticity of the server, depending on the SSL certificate used. 根据所使用的SSL证书,还可以验证服务器的真实性。 All browsers (and by default on iOS, unless you explicitely change this in your app) will only accept SSL certificates that have been issued by known certification authorities. 所有浏览器(默认情况下在iOS上,除非您在应用程序中明确更改此选项)将仅接受已知证书颁发机构颁发的SSL证书。 This way you can be sure that the server is indeed located at the hostname you requested. 这样,您可以确保服务器确实位于您请求的主机名。 Depending on the SSL certificate the owner of the server might also be verified (ie that the server indeed belongs to the company it claims to belong to). 根据SSL证书,服务器的所有者也可能被验证(即服务器确实属于它声称属于的公司)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.