为什么 ssl pinning 对同步请求不起作用?
[英]Why is ssl pinning not working on synchronous requests?
问题描述
I want to do ssl pinning with Alamofire library, but it doesn't work for sync requests.
我想用 Alamofire 库做 ssl pinning,但它不适用于同步请求。
I am using the following library to sync Alamofire request: https://github.com/Dalodd/Alamofire-Synchronous In async call I get cancaled with code -999 but when I try with sync I get all responses with 200. My code is like this:我正在使用以下库来同步 Alamofire 请求: https ://github.com/Dalodd/Alamofire-Synchronous 在异步调用中,我使用代码 -999 进行了取消,但是当我尝试使用同步时,我得到所有响应为 200。我的代码是像这样:
let hostname = "..."
let cert = "..." // e.g. for cert.der, this should just be "cert"
let pathToCert = Bundle.main.path(forResource: cert, ofType: "der")
let localCertificate = NSData(contentsOfFile: pathToCert!)
let certificates = [SecCertificateCreateWithData(nil,
localCertificate!)!]
// Configure the trust policy manager
let serverTrustPolicy = ServerTrustPolicy.pinCertificates(
certificates: certificates,
validateCertificateChain: true,
validateHost: true
)
let serverTrustPolicies = [hostname: serverTrustPolicy]
let serverTrustPolicyManager = ServerTrustPolicyManager(policies:
serverTrustPolicies)
// Configure session manager with trust policy
let defaultManager = Alamofire.SessionManager(
configuration: URLSessionConfiguration.default,
serverTrustPolicyManager: serverTrustPolicyManager
)
let manager = defaultManager
manager.session.configuration.timeoutIntervalForRequest = 120
let request = getRequest(object, endPoint: endPoint)
let response = manager.request(request).responseString()
If I don't use semaphore in the code below the request is aborted but if I use it I get 200 responses如果我不在下面的代码中使用信号量,请求将被中止,但如果我使用它,我会得到 200 个响应
public func response<T: DataResponseSerializerProtocol>(responseSerializer: T) ->
DataResponse<T.SerializedObject> {
let semaphore = DispatchSemaphore(value: 0)
var result: DataResponse<T.SerializedObject>!
self.response(queue: DispatchQueue.global(qos: .default), responseSerializer: responseSerializer) { response in
result = response
semaphore.signal()
}
_ = semaphore.wait(timeout: DispatchTime.distantFuture)
return result
}
How is this possible?这怎么可能?
1 个解决方案
解决方案1
2 已采纳 2022-05-16 17:13:42
Using Alamofire synchronously is not supported so any misbehaviors you see when doing this are unlikely to be fixed.不支持同步使用 Alamofire,因此您在执行此操作时看到的任何不当行为都不太可能得到修复。
Additionally, that dependency is using Alamofire 4, where 5 is the latest version, so if you really want the behavior I suggest implementing it manually using the latest version.此外,该依赖项使用的是 Alamofire 4,其中 5 是最新版本,所以如果您真的想要这种行为,我建议使用最新版本手动实现它。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.