[英]Boring SSL Handshake Failure and Error copying Identity Cred
I am trying to use Self Signed certificate for my request through Alamofire. 我正在尝试通过Alamofire使用自签名证书。
let trustPolicy = ServerTrustPolicy.pinCertificates(certificates: [certificate], validateCertificateChain: true, validateHost: true)
让trustPolicy = ServerTrustPolicy.pinCertificates(证书:[证书],validateCertificateChain:true,validateHost:true)
let serverTrustPolicies: [String: ServerTrustPolicy] = [ "https:-domain-name": trustPolicy,"domain-name" : .disableEvaluation] let policyManager = ServerTrustPolicyManager(policies: serverTrustPolicies)
But I am getting following error. 但是我得到以下错误。
CredStore - copyIdentPrefs - Error copying Identity cred.
CredStore-copyIdentPrefs-复制身份凭证时出错。 Error=-25300, query={ class = idnt;
错误= -25300,查询= {class = idnt; labl = " https://domain-name:443/ ";
labl =“ https://域名:443 / ”; "r_Ref" = 1;
“ r_Ref” = 1; }
}
and 和
[BoringSSL] boringssl_context_alert_callback_handler(3724) [C1.1:2][0x139d1bd20] Alert level: fatal, description: handshake failure 2019-01-22 15:34:23.448605+0530 DB[1276:264543] [BoringSSL] boringssl_session_errorlog(224) [C1.1:2][0x139d1bd20] [boringssl_session_handshake_incomplete] SSL_ERROR_SSL(1): operation failed within the library
[BoringSSL] boringssl_context_alert_callback_handler(3724)[C1.1:2] [0x139d1bd20]警报级别:严重,描述:握手失败2019-01-22 15:34:23.448605 + 0530 DB [1276:264543] [BoringSSL] boringssl_session_errorlog(224 )[C1.1:2] [0x139d1bd20] [boringssl_session_handshake_incomplete] SSL_ERROR_SSL(1):库中的操作失败
2019-01-22 15:34:23.448796+0530
2019-01-22 15:34:23.448796 + 0530
DB[1276:264543] [BoringSSL] boringssl_session_handshake_error_print(205) [C1.1:2][0x139d1bd20] 5266093016:error:10000410:SSL routines:OPENSSL_internal:SSLV3_ALERT_HANDSHAKE_FAILURE:/BuildRoot/Library/Caches/com.apple.xbs/Sources/boringssl/boringssl-109.230.1/ssl/tls_record.cc:586:SSL alert number 40
DB [1276:264543] [BoringSSL] boringssl_session_handshake_error_print(205)[C1.1:2] [0x139d1bd20] 5266093016:错误:10000410:SSL例程:OPENSSL_internal:SSLV3_ALERT_HANDSHAKE_FAILURE:/ BuildRoot / Library / Caches / com。 /boringssl/boringssl-109.230.1/ssl/tls_record.cc:586:SSL警报编号40
2019-01-22 15:34:23.448986+0530 DB[1276:264543]
2019-01-22 15:34:23.448986 + 0530 DB [1276:264543]
[BoringSSL] boringssl_context_get_error_code(3545) [C1.1:2][0x139d1bd20] SSL_AD_HANDSHAKE_FAILURE
[BoringSSL] boringssl_context_get_error_code(3545)[C1.1:2] [0x139d1bd20] SSL_AD_HANDSHAKE_FAILURE
2019-01-22
2019年1月22日
15:34:23.464957+0530 DB[1276:264543] TIC Read Status [1:0x281599800]: 1:-9824
15:34:23.464957 + 0530 DB [1276:264543] TIC读取状态[1:0x281599800]:1:-9824
2019-01-22 15:34:23.467598+0530
2019-01-22 15:34:23.467598 + 0530
DB[1276:264543] Task <43E199F9-B030-4BFD-B9E0-8C9F59B43E72>.<1> HTTP load failed (error code: -9824 [1:-9824])
DB [1276:264543]任务<43E199F9-B030-4BFD-B9E0-8C9F59B43E72>。<1> HTTP加载失败(错误代码:-9824 [1:-9824])
2019-01-22
2019年1月22日
15:34:23.468019+0530 DB[1276:264574] Task <43E199F9-B030-4BFD-B9E0-8C9F59B43E72>.<1> finished with error - code: -9824 2019-01-22 15:34:23.470149+0530 DB[1276:264574] Task <43E199F9-B030-4BFD-B9E0-8C9F59B43E72>.<1> load failed with error Error Domain=NSPOSIXErrorDomain Code=-9824 "Unknown error: -9824" UserInfo={_NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <43E199F9-B030-4BFD-B9E0-8C9F59B43E72>.<1>, _kCFStreamErrorDomainKey=1, NSErrorPeerAddressKey={length = 16, capacity = 16, bytes = 0x100201bb03106e120000000000000000}, _kCFStreamErrorCodeKey=-9824, _NSURLErrorRelatedURLSessionTaskErrorKey=( "LocalDataTask <43E199F9-B030-4BFD-B9E0-8C9F59B43E72>.<1>" )} [-9824]
15:34:23.468019 + 0530 DB [1276:264574]任务<43E199F9-B030-4BFD-B9E0-8C9F59B43E72>。<1>已完成但有错误-代码:-9824 2019-01-22 15:34:23.470149 + 0530 DB [1276:264574]任务<43E199F9-B030-4BFD-B9E0-8C9F59B43E72>。<1>加载失败,并出现错误错误域= NSPOSIXErrorDomain代码= -9824“未知错误:-9824” UserInfo = {_ NSURLErrorFailingURLSessionTaskErrorKey = LocalDataTask <43E199F9-B030 -4BFD-B9E0-8C9F59B43E72>。<1>,_kCFStreamErrorDomainKey = 1,NSErrorPeerAddressKey = {长度= 16,容量= 16,字节= 0x100201bb03106e120000000000000000},_kCFStreamErrorCodeKey = -9824,_NSURLErrorRelatedURLSessionTaskErrorKey =(“ -4FFD-B-9B -8C9F59B43E72>。<1>“)} [-9824]
Have been trying this from past 1 week. 过去1周以来一直在尝试此操作。 Any help would be appreciated.
任何帮助,将不胜感激。
Disabling evaluation in Alamofire doesn't disable the system's base verification of certificates which blocks self-signed certificates by default. 在Alamofire中禁用评估不会禁用证书的系统基本验证,默认情况下会阻止自签名证书。 I suggest you read Apple's ATS documentation , but I'm guessing this will require some combination of
NSExceptionAllowsInsecureHTTPLoads
for your domain and other settings. 我建议您阅读Apple的ATS文档 ,但我猜想这将需要将
NSExceptionAllowsInsecureHTTPLoads
用于您的域和其他设置。 You should also make sure not to ship those settings if you can help it. 如果可以帮助,还应确保不要发布这些设置。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.