iOS 8在我的应用程序中断了SSL连接 - CFNetwork SSLHandshake失败（-9806） [英] iOS 8 has broken SSL connection in my app - CFNetwork SSLHandshake failed (-9806)

问题描述

我的应用只是连接到家用设备上的网络服务器并读取一些HTML。
使用http时工作正常，但现在在iOS 8上使用https时无效。

My app simply connects to a web server on a home device and reads some html. It works fine when using http, but now on iOS 8 when using https it does not work.

我使用 AFNetworking v1并使用这些覆盖方法覆盖SSL检查（是的我知道在正常情况下不应该这样做并且不安全等等......但这是另一个主题）。

I use AFNetworking v1 and override the SSL checks using these override methods (Yes I know in normal circumstances this shouldn't be done and is unsafe etc.., but thats another topic).

[self setAuthenticationChallengeBlock:^(NSURLConnection *connection, NSURLAuthenticationChallenge *challenge) {
if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
            [challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge];
        }
    }];

[self setAuthenticationAgainstProtectionSpaceBlock:^BOOL(NSURLConnection *connection, NSURLProtectionSpace *protectionSpace) {
        if([[protectionSpace authenticationMethod] isEqualToString:NSURLAuthenticationMethodServerTrust]) {
                return YES; // Self-signed cert will be accepted
        }
        // If no other authentication is required, return NO for everything else
        // Otherwise maybe YES for NSURLAuthenticationMethodDefault and etc.
        return NO;
    }];

现在使用iOS 8我收到如下错误：

Now with iOS 8 I get an error like this:

CFNetwork SSLHandshake失败（-9806）

CFNetwork SSLHandshake failed (-9806)

CFNetwork SSLHandshake失败（-9806）

CFNetwork SSLHandshake failed (-9806)

CFNetwork SSLHandshake失败（-9806）

CFNetwork SSLHandshake failed (-9806)

NSURLConnection / CFURLConnection HTTP加载失败（kCFStreamErrorDomainSSL，-9806）

NSURLConnection/CFURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9806)

连接期间出错：错误域= NSURLErrorDomain代码= -1200发生SSL错误，无法建立与服务器的安全连接。 UserInfo = 0x7b66c110 {NSLocalizedDescription =发生了SSL错误，无法与服务器建立安全连接。，NSLocalizedRecoverySuggestion =您是否要连接到服务器？，_kCFStreamErrorCodeKey = -9806，NSErrorFailingURLStringKey = https://xxx.xxx.xxx.xxx:443/live.htm ，_ kCFStreamErrorDomainKey = 3，NSUnderlyingError = 0x7c0d8a20发生SSL错误，无法建立与服务器的安全连接。，NSErrorFailingURLKey = https://xxx.xxx.xxx.xxx:443/Info.live.htm }

Error during connection: Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo=0x7b66c110 {NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorCodeKey=-9806, NSErrorFailingURLStringKey=https://xxx.xxx.xxx.xxx:443/live.htm, _kCFStreamErrorDomainKey=3, NSUnderlyingError=0x7c0d8a20 "An SSL error has occurred and a secure connection to the server cannot be made.", NSErrorFailingURLKey=https://xxx.xxx.xxx.xxx:443/Info.live.htm}

我已经尝试过切换到FSNetworking，设置此项时，有时有效：

I have tried changing over to FSNetworking, and it sometimes works when setting this:

- (void)connection:(NSURLConnection *)connection
willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {

    if([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust])
    {
        NSLog(@"Ignoring SSL");
        SecTrustRef trust = challenge.protectionSpace.serverTrust;
        NSURLCredential *cred;
        cred = [NSURLCredential credentialForTrust:trust];
        [challenge.sender useCredential:cred forAuthenticationChallenge:challenge];
        return;
    }
}

但同时执行2个请求，只有1个会成功并且一个人会因上述类似的错误而失败。只有1个请求似乎达到了SSL覆盖点。

However doing 2 simultaneous request, only 1 will succeed and one will fail with a similar error to above. Only 1 request seems to reach the SSL override point.

任何人都可以对此有所了解，iOS 8中的更改是为了打破这一点，以及我如何修复它？

Can anyone please shed some light on this and whats changed in iOS 8 to break this, and how I can possibly fix it?

谢谢

推荐答案

我遇到了同样的iOS 8的问题。

I ran into the same kind of problem with iOS 8.

场景：

1. 致电我们的https服务器工作


2. 在我们的服务器上以 UIWebView
打开一个https URL

3. 所有未来 NSURLConnection 失败并带有 SSLHandshake 错误

1. Calls to our https server work
2. Open a https URL from our server in a UIWebView
3. All future NSURLConnections fail with a SSLHandshake error

useCredential：forAuthenticationChallenge 在我们之后立即调用SecTrust *方法时导致此错误（但仅在打开位于同一服务器上的https中的页面之后）。

useCredential:forAuthenticationChallenge was causing this error (but only after opening a page in https hosted on the same server) when we called SecTrust* methods right after.

此代码触发了错误：

[challenge.sender useCredential:urlCredential forAuthenticationChallenge:challenge];
SecTrustRef trustRef = [[challenge protectionSpace] serverTrust];
CFIndex count = SecTrustGetCertificateCount(trustRef);

但这个没有：

SecTrustRef trustRef = [[challenge protectionSpace] serverTrust];
CFIndex count = SecTrustGetCertificateCount(trustRef);
[challenge.sender useCredential:urlCredential forAuthenticationChallenge:challenge];

我不清楚为什么会导致 SSLHandshake 在iOS 8上失败但在iOS 7上失败。也许AFNetworking在 useCredential：forAuthenticationChallenge 之后做了一些导致同样问题的事情。

It is not clear to me why this was causing the SSLHandshake to fail on iOS 8 but not iOS 7. Maybe AFNetworking does something after useCredential:forAuthenticationChallenge which is causing the same problem.

这篇关于iOS 8在我的应用程序中断了SSL连接 - CFNetwork SSLHandshake失败（-9806）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！