
SSL Pinning in Swift and authentication challenge

I am trying to implement SSL pinning and I did, using the didReceiveAuthenticationChallenge. I do have a question, however, is that the description of this function

https://developer.apple.com/documentation/webkit/wknavigationdelegate/1455638-webview?language=objc

and so is the URLSession version of it, both mention that it is called only when the challenge is received. My worry is that, would there be a website that doesn't ask for a client certificate at all? If that is the case, how am I supposed to do SSL pinning then?

Client-side certificate pinning has nothing to do with client certificates. didReceiveAuthenticationChallenge: is called in response to receiving the server's certificate as well. In that case it's called with the protectionSpace.authenticationMethod set to NSURLAuthenticationMethodServerTrust. If the server requests a client certificate, it'll be called again with ...ClientCertificate. If Basic Auth is required, it'll be called again with ...HTTPBasic and so on.
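
As an added example (not part of the original question or answer), here is a URLSession delegate that pins on the server-trust challenge the answer describes and leaves every other challenge type to default handling. The class name PinningDelegate and the pin placeholder are assumptions, and the code assumes iOS 15 / macOS 12 or later for SecTrustCopyCertificateChain.

```swift
import Foundation
import Security
import CryptoKit

// Added example. The pinned value is a placeholder: replace it with the
// base64 SHA-256 digest of your server's leaf certificate (DER encoding).
final class PinningDelegate: NSObject, URLSessionDelegate {
    private let pinnedCertSHA256: Set<String> = ["<BASE64_SHA256_OF_PINNED_CERT>"]

    func urlSession(_ session: URLSession,
                    didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
        let space = challenge.protectionSpace

        // Only the server-trust challenge carries the server's certificate chain.
        // Client-certificate, HTTP Basic, etc. arrive as separate challenges and
        // are left to the system's default handling here.
        guard space.authenticationMethod == NSURLAuthenticationMethodServerTrust,
              let trust = space.serverTrust else {
            completionHandler(.performDefaultHandling, nil)
            return
        }

        // Step 1: normal chain and hostname validation must still pass.
        var error: CFError?
        guard SecTrustEvaluateWithError(trust, &error) else {
            completionHandler(.cancelAuthenticationChallenge, nil)
            return
        }

        // Step 2: compare the leaf certificate against the pinned digest.
        guard let chain = SecTrustCopyCertificateChain(trust) as? [SecCertificate],
              let leaf = chain.first else {
            completionHandler(.cancelAuthenticationChallenge, nil)
            return
        }
        let der = SecCertificateCopyData(leaf) as Data
        let digest = Data(SHA256.hash(data: der)).base64EncodedString()

        if pinnedCertSHA256.contains(digest) {
            completionHandler(.useCredential, URLCredential(trust: trust))
        } else {
            // Pin mismatch: fail closed.
            completionHandler(.cancelAuthenticationChallenge, nil)
        }
    }
}
```

The WKNavigationDelegate method linked in the question receives the same URLAuthenticationChallenge, so the same authenticationMethod check applies there.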
