iOS和Erlang-SSL握手失敗,並帶有自簽名證書
[英]iOS and Erlang - SSL Handshake failed with self signed certificates
問題描述
我正在嘗試通過TCP / IP從iOS到Erlang服務器創建SSL連接。 服務器正在使用自簽名證書(Erlang OTP隨附的默認證書)。
每次SSL握手都會失敗:-CFNetwork SSLHandshake失敗(-9824-> -9829)-CFNetwork SSLHandshake失敗(-9807)
這是我使用的一種方法:
CFReadStreamRef readStream;
CFWriteStreamRef writeStream;
CFStreamCreatePairWithSocketToHost(NULL, (CFStringRef)@"my-server-name", 1234, &readStream, &writeStream);
//------------------------------------------------------
// Set props.
//
CFReadStreamSetProperty(readStream, kCFStreamPropertySocketSecurityLevel, kCFStreamSocketSecurityLevelNegotiatedSSL);
CFReadStreamSetProperty(readStream, kCFStreamSSLAllowsExpiredCertificates, kCFBooleanTrue);
CFReadStreamSetProperty(readStream, kCFStreamSSLAllowsExpiredRoots, kCFBooleanTrue);
CFReadStreamSetProperty(readStream, kCFStreamSSLAllowsAnyRoot, kCFBooleanTrue);
CFReadStreamSetProperty(readStream, kCFStreamSSLValidatesCertificateChain, kCFBooleanFalse);
CFReadStreamSetProperty(readStream, kCFStreamSSLPeerName, kCFNull);
CFWriteStreamSetProperty(writeStream, kCFStreamPropertySocketSecurityLevel, kCFStreamSocketSecurityLevelNegotiatedSSL);
CFWriteStreamSetProperty(writeStream, kCFStreamSSLAllowsExpiredCertificates, kCFBooleanTrue);
CFWriteStreamSetProperty(writeStream, kCFStreamSSLAllowsExpiredRoots, kCFBooleanTrue);
CFWriteStreamSetProperty(writeStream, kCFStreamSSLAllowsAnyRoot, kCFBooleanTrue);
CFWriteStreamSetProperty(writeStream, kCFStreamSSLValidatesCertificateChain, kCFBooleanFalse);
CFWriteStreamSetProperty(writeStream, kCFStreamSSLPeerName, kCFNull);
//------------------------------------------------------
// Open streams.
//
if(!CFReadStreamOpen(readStream))
{
NSLog(@"CFReadStreamOpen Failed!");
return 0;
}
if(!CFWriteStreamOpen(writeStream))
{
NSLog(@"CFWriteStreamOpen Failed!");
CFReadStreamClose(readStream);
return 0;
}
//------------------------------------------------------
// Send some data.
//
UInt8 data[20] = {0};
*(ushort*)data = 18;
for(int i = 2; i < 20; i++)
{
data[i] = 'A' + i;
}
NSLog(@"Sending some data...");
CFIndex bytesSent = CFWriteStreamWrite(writeStream, data, 20);
NSLog(@"Bytes Sent: %d", (int)bytesSent);
//------------------------------------------------------
// Close streams.
//
CFReadStreamClose(readStream);
CFWriteStreamClose(writeStream);
我也嘗試了SecureTransport(SSLCreateContext,SSLSetConnection,SSLHandshake,它是相同的-SSL握手失敗。
任何建議都非常感謝。
2 個解決方案
解決方案1
1 2015-02-07 03:16:08
該錯誤有許多可能的原因。 您可能應該首先在Mac上使用curl命令來訪問Erlang服務器。 Curl將為您提供更多描述性錯誤。 您需要傳遞-k標志,以使其忽略證書錯誤。
一些快速的可能性:您的Objective-C代碼是否設置為允許無效證書? 它是否設置為驗證域名,並且您的開發設置不執行反向DNS?
解決方案2
0 2015-10-04 10:41:21
如果問題與AppTransport有關,則可以在MacOS 10.11上運行/usr/bin/nscurl --ats-diagnostics --verbose yourdomain.com來查找所需的異常。
iOS:自簽名證書有問題。 SSL握手錯誤(-9824)
[英]iOS: Having problems with self-signed certificate. SSL Handshake Error (-9824)
Xamarin iOS覆蓋自簽名證書的TLS鏈驗證
[英]Xamarin iOS overriding TLS chain validation for self-signed certificates
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.