[英]preventing self signed ssl certificates in ios5
我使用執行基本HTTP身份驗證的代碼,請參見下文。 這在IOS 5中可以正常工作。但是現在我們將協議更改為https,並使用了偽造的,自簽名的證書。 它也有效! 這似乎是不安全的。 有人知道您是否需要采取這種方法來防止某些證書被接受嗎?
- (void)connection:(NSURLConnection *)connection willSendRequestForAuthenticationChallenge:
(NSURLAuthenticationChallenge *)challenge {
if ([challenge previousFailureCount] <= maxRetryCount ) {
NSURLCredential *newCredential =
[NSURLCredential
credentialWithUser: userName
password:password
persistence:NSURLCredentialPersistenceForSession];
[[challenge sender]
useCredential:newCredential
forAuthenticationChallenge:challenge];
}
else
{
NSLog(@"Failure count %d",[challenge previousFailureCount]);
}
}
看來我自己找到了答案。 這將阻止無效證書。 使用有效證書登錄時,仍然必須測試它是否有效。
- (void)connection:(NSURLConnection *)connection willSendRequestForAuthenticationChallenge:
(NSURLAuthenticationChallenge *)challenge {
if ([[[challenge protectionSpace] authenticationMethod] isEqualToString:@"NSURLAuthenticationMethodServerTrust"]) {
[[challenge sender] performDefaultHandlingForAuthenticationChallenge:challenge];
}
else {
if ([challenge previousFailureCount] <= maxRetryCount ) {
NSURLCredential *newCredential =
[NSURLCredential
credentialWithUser: userName
password:password
persistence:NSURLCredentialPersistenceForSession];
[[challenge sender]
useCredential:newCredential
forAuthenticationChallenge:challenge];
}
else
{
NSLog(@"Failure count %d",[challenge previousFailureCount]);
}
}
}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.