无法使用自签名证书AFNetworking 2 [英] Unable to use self signed certificate with AFNetworking 2

问题描述

我把在X code项目所使用的Apache服务器的.cer证书。当应用程序试图与服务器会话我X $ C $ç得到这个错误：

I put the .cer certificate used by the Apache Server in the Xcode project. When the app tries to talk to the server I get this error in Xcode:

Assertion failure in id AFPublicKeyForCertificate(NSData *__strong)(),
/Users/../ProjectName/AFNetworking/AFSecurityPolicy.m:52
*** Terminating app due to uncaught exception 'NSInternalInconsistencyException', 
reason: 'Invalid parameter not satisfying: allowedCertificate'

下面是code调用服务器：

Here is the code for calling the server :

AFHTTPRequestOperationManager *manager = [AFHTTPRequestOperationManager manager];
manager.responseSerializer = [AFJSONResponseSerializer serializer];
[self setSecurityPolicy:[AFSecurityPolicy policyWithPinningMode:AFSSLPinningModePublicKey]];
[manager POST:@"https://www.example.com/" parameters:params success:^(AFHTTPRequestOperation *operation, id responseObject) {
//success
} failure:^(AFHTTPRequestOperation *operation, NSError *error) {
//failure
}];

我改变钉住模式，没有运气AFSSLPinningModeCertificate。

I changed the pinning mode to AFSSLPinningModeCertificate with no luck.

当我删除此行：

[self setSecurityPolicy:[AFSecurityPolicy policyWithPinningMode:AFSSLPinningModePublicKey]];

服务器的错误消息进行响应：

the server responds with the error message:

"The operation couldn't be completed. (NSURLErrorDomain error -1012.)"

该证书使用OpenSSL创建的，我甚至尝试从StartSSL.com

The certificate was created using OpenSSL, and I even tried a free certificate from StartSSL.com

对于Apache服务器端，这里是虚拟主机配置：

As for the Apache Server side, here is the virtual host configuration:

# My custom host
<VirtualHost *:443>
    ServerName www.example.com
    DocumentRoot "/path/to/folder"
    SSLEngine on
    SSLCipherSuite HIGH:!aNULL:!MD5
    SSLCertificateFile /path/to/www.example.com.cer
    SSLCertificateKeyFile /path/to/www.example.com.key
    <Directory "/the/directory/">
        Options Indexes FollowSymLinks Includes ExecCGI
        AllowOverride All
        Require all granted
    </Directory>
    ErrorLog "logs/mysite.local-error_log"
</VirtualHost>

和服务器没有听443端口

and the server does listen to the 443 port

推荐答案

它看起来像你的证书文件是不是在正确的格式。您code。在这些线路出现故障（ AFURLConnectionOperation / pinnedPublicKeys ）

It looks like your certificate file is not in the right format. Your code fails at these lines (AFURLConnectionOperation/pinnedPublicKeys):

SecCertificateRef allowedCertificate = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)data);
NSParameterAssert(allowedCertificate);

我有同样的错误（在 AFNetworking 1.1 ，但版本不应该的问题），当我的证书看起来像这样：

I had the same error (on AFNetworking 1.1, but the version should not matter), when my certificate was looking like this:

-----BEGIN CERTIFICATE-----
..
-----END CERTIFICATE----- 

我设法证书转换为X509格式，使用命令从这个答案来解决此问题：

openssl x509 -in adn.crt -outform der -out "adn.der"

后来我改名 adn.der 回 adn.cer （.CER似乎预期扩展 AFNetworking ），而现在一切都运行良好。

Afterwards I renamed adn.der back to adn.cer ('.cer' seems to be the expected extension for AFNetworking), and everything works well now.

这篇关于无法使用自签名证书AFNetworking 2的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！