[英]How can I use an AVPlayer with HTTPS and self-signed server certificates?
I have a server that uses self-signed SSL certificates for HTTPS. 我有一台将自签名SSL证书用于HTTPS的服务器。 I have the self-signed root cert bundled into my app.
我将自签名的根证书捆绑到我的应用程序中。 I'm able to get
NSURLSession
to use and validate the self-signed root cert by using SecTrustSetAnchorCertificates()
in the -URLSession:didReceiveChallenge:completionHandler:
delegate method. 我可以通过在
-URLSession:didReceiveChallenge:completionHandler:
委托方法中使用SecTrustSetAnchorCertificates()
来使NSURLSession
使用和验证自签名根证书。
When I try this with AVPlayer
, however, I get an SSL error and playback fails. 但是,当我使用
AVPlayer
尝试此操作时,出现SSL错误,并且播放失败。 This is my AVAssetResourceLoader
delegate implementation: 这是我的
AVAssetResourceLoader
委托实现:
- (BOOL)resourceLoader:(AVAssetResourceLoader *)resourceLoader shouldWaitForResponseToAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
{
if ([challenge.protectionSpace.authenticationMethod isEqual:NSURLAuthenticationMethodServerTrust]) {
SecTrustRef trust = challenge.protectionSpace.serverTrust;
SecTrustSetAnchorCertificates(trust, (__bridge CFArrayRef)self.secTrustCertificates);
SecTrustResultType trustResult = kSecTrustResultInvalid;
OSStatus status = SecTrustEvaluate(trust, &trustResult);
if (status == errSecSuccess && (trustResult == kSecTrustResultUnspecified || trustResult == kSecTrustResultProceed)) {
[challenge.sender useCredential:[NSURLCredential credentialForTrust:trust] forAuthenticationChallenge:challenge];
return YES;
} else {
[challenge.sender cancelAuthenticationChallenge:challenge];
return YES;
}
}
return NO;
}
The delegate gets called, and the trustResult
equates to kSecTrustResultUnspecified
(which means "trusted, without explicit user override"), as expected. 如预期的那样,将调用委托,并且
trustResult
等于kSecTrustResultUnspecified
(这意味着“可信,无显式用户覆盖”)。 However, playback fails shortly after, with the following AVPlayerItem.error
: 但是,播放随后不久会失败,并显示以下
AVPlayerItem.error
:
Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made."
错误域= NSURLErrorDomain代码= -1200“发生SSL错误,无法建立与服务器的安全连接。” UserInfo={NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSUnderlyingError=0x16c35720 {Error Domain=NSOSStatusErrorDomain Code=-1200 "(null)"}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made.}
UserInfo = {NSLocalizedRecoverySuggestion =您是否仍要连接到服务器?,NSUnderlyingError = 0x16c35720 {Error Domain = NSOSStatusErrorDomain Code = -1200“(null)”},NSLocalizedDescription =已发生SSL错误,无法与服务器建立安全连接被制造。}
How can I get AVPlayer
to accept the SSL handshake? 如何使
AVPlayer
接受SSL握手?
This implementation has worked for me: 此实现对我有用:
- (BOOL)resourceLoader:(AVAssetResourceLoader *)resourceLoader
shouldWaitForResponseToAuthenticationChallenge:(NSURLAuthenticationChallenge *)authenticationChallenge
{
//server trust
NSURLProtectionSpace *protectionSpace = authenticationChallenge.protectionSpace;
if ([protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
[authenticationChallenge.sender useCredential:[NSURLCredential credentialForTrust:authenticationChallenge.protectionSpace.serverTrust] forAuthenticationChallenge:authenticationChallenge];
[authenticationChallenge.sender continueWithoutCredentialForAuthenticationChallenge:authenticationChallenge];
}
else { // other type: username password, client trust...
}
return YES;
}
However, it stopped working as of iOS 10.0.1 for a reason I have yet to discern. 但是,由于我尚未发现的原因,它从iOS 10.0.1开始停止工作 。 So this may or may not be helpful to you.
因此,这可能对您没有帮助。 Good luck!
祝好运!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.