使用AFNetworking 2.3.1的自签名SSL证书

Question

I'm trying to use a self-signed certificate .cer in my iOS app. I followed this nice tutorial : http://initwithfunk.com/blog/2014/03/12/afnetworking-ssl-pinning-with-self-signed-certificates/

I added my .cer file tu the project. And init my AFHTTPRequestOperationManager :

self.securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeCertificate];
self.securityPolicy.allowInvalidCertificates = YES;

But I always get this -1012 error :

Error The operation couldn't be completed. (NSURLErrorDomain error -1012.)

I checked the + (NSArray *)defaultPinnedCertificates its correctly load my .cer .

but evaluateServerTrust:forDomain: always return NO :

return trustedCertificateCount == [serverCertificates count];

[serverCertificates count] = 2 and trustedCertificateCount = 1.

What does this means? Can you help me please?

Answer 1

AFSecurityPolicy 's default behaviour is to validate the certificate chain. You should add all intermediate certificates, or disable validation of the chain:

self.securityPolicy.validatesCertificateChain = NO;

Adding intermediate certificates is the preferred approach.