自签名本地证书上的alamofire SSL错误
[英]alamofire SSL errors on self-signed local certificates
问题描述
I have a HTTP REST server with a self-signed certificate. 
我有一个带有自签名证书的HTTP REST服务器。 I want to talk to this server from an iOS Swift app, using alamofire. 我想使用alamofire从iOS Swift应用程序与该服务器对话。 The current code that I have is: 我拥有的当前代码是:
``` ```
let Almgr : Alamofire.SessionManager = {
// Create the server trust policies
let serverTrustPolicies: [String: ServerTrustPolicy] = [
"localhost": .disableEvaluation
]
// Create custom manager
let configuration = URLSessionConfiguration.default
configuration.httpAdditionalHeaders = Alamofire.SessionManager.defaultHTTPHeaders
let man = Alamofire.SessionManager(
configuration: URLSessionConfiguration.default,
serverTrustPolicyManager: ServerTrustPolicyManager(policies: serverTrustPolicies)
)
return man
}()
Almgr.request(url, method: .post, parameters: params).responseJSON {
response in
if response.result.isSuccess {
print("Success")
} else {
print("Failure")
}
}
With the above code snippet, I am always getting an error when I try to make the http call Almgr.request . 使用上面的代码片段,当我尝试进行http调用Almgr.request时,总是会出错。 The error message is: 错误消息是:
2017-12-30 18:24:20.114486+0530 myApp[58036:2721102] ATS failed system trust
2017-12-30 18:24:20.114625+0530 myApp[58036:2721102] System Trust failed for [1:0x600000178a80]
2017-12-30 18:24:20.114814+0530 myApp[58036:2721102] TIC SSL Trust Error [1:0x600000178a80]: 3:0
2017-12-30 18:24:20.115142+0530 myApp[58036:2721102] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9802)
2017-12-30 18:24:20.115274+0530 myApp[58036:2721102] Task <4E3D9E88-B9CE-48C4-850C-5A3E7C9A6A72>.<1> HTTP load failed (error code: -1200 [3:-9802])
2017-12-30 18:24:20.115469+0530 myApp[58036:2721231] Task <4E3D9E88-B9CE-48C4-850C-5A3E7C9A6A72>.<1> finished with error - code: -1200
Any idea how to get this fixed ? 知道如何解决这个问题吗? I do not want any checks to be done if the url is localhost on port 8000. I have even tried with adding port to the serverTrustPolicies definition but that does not make any difference and I still get error. 如果URL是端口8000上的localhost ,我不希望进行任何检查。我什至尝试将端口添加到serverTrustPolicies定义中,但这没有任何区别,并且仍然会出错。 Any help ? 有什么帮助吗?
Update: My problem I believe is related to https://developer.apple.com/library/content/qa/qa1948/_index.html but not found the way to fix yet. 更新:我认为我的问题与https://developer.apple.com/library/content/qa/qa1948/_index.html有关,但尚未找到解决方法。
3 个解决方案
解决方案1
1 2018-01-01 20:23:24
1. 1。
Your approach of modifying server trust policies should work when providing the port. 提供端口时,您修改服务器信任策略的方法应该有效。 Also see this post . 另请参阅这篇文章 。 Maybe you are testing your app with the simulator and trying to connect to a web server on the same machine? 也许您正在使用模拟器测试您的应用程序,并尝试连接到同一台计算机上的Web服务器? This can cause all kinds of connection problems (or why are you trying to connect to localhost anyway?). 这可能会导致各种连接问题(或者您为什么仍要尝试连接到本地主机?)。
2. 2。
You should never set NSAllowsLocalNetworking or similar parameters. 您永远不要设置NSAllowsLocalNetworking或类似的参数。 It breaks SSL and you never know what may happen, even in the local network. 它破坏了SSL,即使在本地网络中,您也不知道会发生什么。 If absolutely necessary, you should just make exceptions for single hosts and ports as stated above. 如果绝对必要,则应如上所述对单个主机和端口进行例外处理。
3. 3。
You should never use self signed certificates because this also breaks SSL. 您永远不要使用自签名证书,因为这也会破坏SSL。 It is very easy to obtain a valid certificate using Let's Encrypt . 使用Let's Encrypt很容易获得有效的证书。 Though, in some cases it is just not possible to obtain a valid certificate. 但是,在某些情况下,只是不可能获得有效的证书。 You should then create your own certificate authority and export the CA root certificate to your device. 然后,您应该创建自己的证书颁发机构,并将CA根证书导出到您的设备。 This way, you also make an exception for only one specific host. 这样,您还可以仅将一个特定主机作为例外。
Please note that security is crucial in all applications. 请注意,安全性对于所有应用程序都是至关重要的。 Please only make exceptions if you exactly know what you are doing. 如果您完全知道自己在做什么,请仅设置例外。
解决方案2
0 2017-12-30 15:46:57
I have figured out the solution. 我已经解决了。 We need to edit the Info.plist file and add the following section: 我们需要编辑Info.plist文件并添加以下部分:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsLocalNetworking</key>
<true/>
</dict>
to let iOS allow local networking without https errors. 让iOS允许没有https错误的本地网络。
解决方案3
0 2018-01-18 14:11:35
I was facing same problems. 我面临着同样的问题。 What I figured out and what works: 我发现了什么,什么可行:
let almgr:Alamofire.SessionManager = {
//getcertificates is my own method where i create certificate with data from my .cer file
let certificates = getCertificates()
let trustPolicy = ServerTrustPolicy.pinCertificates(certificates: certificates, validateCertificateChain: true, validateHost: true)
// Here was the problem. I had to modify that dict: (localhost with port and with .disableEvaluation)
let serverTrustPolicies = ["liper:8000":trustPolicy, "liper":.disableEvaluation]
let serverTrustPolicyManager = ServerTrustPolicyManager(policies: serverTrustPolicies)
let configuration = URLSessionConfiguration.default
configuration.httpAdditionalHeaders = Alamofire.SessionManager.defaultHTTPHeaders
let man = Alamofire.SessionManager(configuration: URLSessionConfiguration.default, serverTrustPolicyManager: serverTrustPolicyManager)
return man
}()
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.