堆栈内存溢出
  简体   繁体   English

Apple会批准使用自签名证书通过HTTPS进行通信的App吗?

[英]Will Apple approve App which communicates over HTTPS using Self Signed Certificate?

 原文  2012-06-02 19:09:12       iphone/ https/ nsurlconnection/ self-signed

问题描述

I am very very new to Mobile Apps development and HTTPs. 我对移动应用程序开发和HTTP非常陌生。 Please bear with me... I need your advice! 请耐心等待......我需要你的建议!

My iPhone app communicates with a server over HTTPS with uses Self Signed Certificate. 我的iPhone应用程序通过HTTPS与服务器通信,并使用自签名证书。

To fix situation with a warning message that my server is untrusted I used NSURLConnection delegate methods and this approach: 要通过警告消息修复我的服务器不受信任的情况,我使用了NSURLConnection委托方法和这种方法: 

- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
    if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust])
    {
        [challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge];
    }

    [challenge.sender continueWithoutCredentialForAuthenticationChallenge:challenge];
}

  1. My first question is this: Will Apple approve this approach? 我的第一个问题是:Apple会批准这种方法吗? Is it an allowed and legal way of dealing with HTTPs Requests when communicating with a server that uses Self Signed Certificate? 在与使用自签名证书的服务器通信时,它是否是允许和合法的方式处理HTTPs请求?

  2. When using the above mentioned approach to give my consent and still connect to an untrusted server, is my data going to be send over HTTPs and will it be encrypted? 当使用上述方法表示同意并仍然连接到不受信任的服务器时,我的数据是否将通过HTTP发送并且是否会被加密?

2 个解决方案

解决方案1
 2  2012-06-02 19:16:12

People do this all the time with Apple apps, for better or worse, without app store rejection. 人们一直使用Apple应用程序这样做,无论好坏,没有应用商店拒绝。 However, a safer approach would be to (1) use an officially-signed certificate, or (2) get your app to accept only your self-signed certificate. 但是,更安全的方法是(1)使用官方签名的证书,或(2)让您的应用程序仅接受您的自签名证书。

解决方案2
 1  2012-06-02 19:16:02

  1. There is no issue with approach that could result in rejection. 方法没有问题可能导致拒绝。
  2. If the request is POST type then the data will be encrypted. 如果请求是POST类型,则数据将被加密。 But for more security you can add more encryption to your data if required. 但为了更安全,您可以根据需要为数据添加更多加密。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用自签名SSL证书连接到HTTPS - Connecting to the HTTPS using self signed SSL certificate AFNetworking https自签名证书 - AFNetworking https self signed certificate 如何在UIWebView上加载网页(使用自签名证书的Https)? - How to load a webpage (Https using a self signed certificate) on the UIWebView? 苹果会批准一个内部使用Google开发的库的应用吗? - Will Apple approve an app which internally uses a library developed by Google? 如何在iOS应用程序中使用自签名证书 - How to use self signed certificate at iOS app 无法验证软件包,未使用苹果提交证书签名 - unable to authenticate the package, not signed using the apple submission certificate 应用程序在后台使用CoreBluetooth进行通信 - App communicates using CoreBluetooth in background 无法信任iphone上的自签名证书 - Unable to trust a self signed certificate on iphone 无效的签名,自签名证书? - invalid signature, self-signed certificate? 将自签名证书添加到 iPhone 模拟器? - Adding a self-signed certificate to iPhone Simulator?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM