无法信任在iphone上的自签名证书 [英] Unable to trust a self signed certificate on iphone

问题描述

我目前正在尝试连接到具有自签名证书的服务器。我使用NSURLConnection连接到服务器。如何确保我只信任正确的服务器并取消所有其他连接？我使用以下代码

I am currently trying to connect to a server with a self signed certificate. I am using NSURLConnection to connect to the server. How can I make sure that I only trust the right server and cancel all other connections? I am using the following code

- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {  

    SecTrustResultType results;
    SecTrustRef trust = [[challenge protectionSpace] serverTrust];

    SecTrustEvaluate(trust, &results);

    if (results == kSecTrustResultProceed || results == kSecTrustResultConfirm) {
        [challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge];
    } else {
        [challenge.sender cancelAuthenticationChallenge:challenge];
    }

}

目前 SecTrustEvaluate 始终返回结果等于 kSecTrustResultRecoverableTrustFailure 。我已使用iphone配置实用程序在手机上安装了配置文件，并将其标记为已验证，但未更改结果。

Currently SecTrustEvaluate always returns with results equal to kSecTrustResultRecoverableTrustFailure. I have installed a configuration profile with the certificate on the phone using the iphone configuration utility and it is marked as verified but it did not change the results.

任何人都可以帮助我获得自签名证书的 kSecTrustResultProceed 或 kSecTrustResultConfirm 的信任结果？

Can anyone help me get a trust result of either kSecTrustResultProceed or kSecTrustResultConfirm for a self signed certificate?

推荐答案

您需要确保您的证书有一定的扩展名。我配置了一个带有以下扩展名的证书，它对我有用（OpenSSL格式）：

You'll need to make sure that your certificate has certain extensions. I configured a certificate with the following extensions, and it worked for me (OpenSSL format):

basicConstraints=critical,CA:FALSE
extendedKeyUsage=serverAuth
subjectAltName=IP:192.168.x.y

这篇关于无法信任在iphone上的自签名证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！