帶SSL的iOS NSURLConnection:接受過期的自簽名證書
[英]iOS NSURLConnection with SSL: Accepting an expired self-signed certificate
問題描述
我有一個隨附的應用程序,該應用程序使用以下代碼使用該應用程序隨附的自簽名證書來保護SSL連接。
- (void) connection:(NSURLConnection *)conn willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
{
NSLog(@"didReceiveAuthenticationChallenge %@ FAILURES=%d", [[challenge protectionSpace] authenticationMethod], (int)[challenge previousFailureCount]);
/* Setup */
NSURLProtectionSpace *protectionSpace = [challenge protectionSpace];
assert(protectionSpace);
SecTrustRef trust = [protectionSpace serverTrust];
assert(trust);
CFRetain(trust); // Make sure this thing stays around until we're done with it
NSURLCredential *credential = [NSURLCredential credentialForTrust:trust];
/* Build up the trust anchor using our root cert */
int err;
SecTrustResultType trustResult = 0;
err = SecTrustSetAnchorCertificates(trust, certs);
if (err == noErr) {
err = SecTrustEvaluate(trust,&trustResult);
}
CFRelease(trust); // OK, now we're done with it
// http://developer.apple.com/library/mac/#qa/qa1360/_index.html
BOOL trusted = (err == noErr) && ((trustResult == kSecTrustResultProceed) || (trustResult == kSecTrustResultConfirm) || (trustResult == kSecTrustResultUnspecified));
// Return based on whether we decided to trust or not
if (trusted) {
[[challenge sender] useCredential:credential forAuthenticationChallenge:challenge];
} else {
NSLog(@"Trust evaluation failed for service root certificate");
[[challenge sender] cancelAuthenticationChallenge:challenge];
}
}
不幸的是,我進行了巨大的疏忽。 SSL證書過期。 因此,當到期日期過去時,我假設該應用程序將停止正常運行! 對於當前版本的應用程序,我無能為力-它將很快停止工作。
我需要發布一個更新,為了避免將來再次出現此情況,我想允許自簽名證書即使已過期。
我如何修改上面的代碼以信任證書(即使證書已過期)?
1 個解決方案
解決方案1
0 2016-03-30 07:25:55
NSURLSessionConfiguration *sessionConfiguration = [NSURLSessionConfiguration defaultSessionConfiguration];
NSURLSession *session = [NSURLSession sessionWithConfiguration:sessionConfiguration delegate:self delegateQueue:Nil];
...
...
- (void)URLSession:(NSURLSession *)session didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition, NSURLCredential *))completionHandler{
if([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]){
if([challenge.protectionSpace.host isEqualToString:@"mydomain.com"]){
NSURLCredential *credential = [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust];
completionHandler(NSURLSessionAuthChallengeUseCredential,credential);
}
}
}
使用NSURLConnection使用自簽名證書連接到https時,出現kSecTrustResultRecoverableTrustFailure
[英]kSecTrustResultRecoverableTrustFailure when connecting to https with self-signed certificate using NSURLConnection
iOS:自簽名證書有問題。 SSL握手錯誤(-9824)
[英]iOS: Having problems with self-signed certificate. SSL Handshake Error (-9824)
如何使用 iOS 7 的 NSURLSession 接受自簽名 SSL 證書
[英]How do I accept a self-signed SSL certificate using iOS 7's NSURLSession
如何允許用戶在iOS中使用AFNetworking信任並固定自簽名SSL證書
[英]How do I allow a user to trust and pin a self-signed SSL Certificate using AFNetworking in iOS
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.
相關問題
iOS App 不喜歡自簽名 SSL 證書
iOS 和 SSL:無法驗證自簽名服務器證書
iOS使用自簽名TLS / SSL證書連接不起作用
來自iOS App的自簽名SSL證書信任
使用NSURLConnection使用自簽名證書連接到https時,出現kSecTrustResultRecoverableTrustFailure
dataWithContentsOfURL iOS HTTPS自簽名證書
Ktor客戶端IOS和自簽名證書
iOS:自簽名證書有問題。 SSL握手錯誤(-9824)
如何使用 iOS 7 的 NSURLSession 接受自簽名 SSL 證書
如何允許用戶在iOS中使用AFNetworking信任並固定自簽名SSL證書
相關標簽