在ios5中阻止自签名的ssl证书 [英] preventing self signed ssl certificates in ios5
本文介绍了在ios5中阻止自签名的ssl证书的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我使用执行基本HTTP身份验证的代码,请参阅下文。这在IOS 5中运行良好。但现在我们将协议更改为https,我们使用了伪造的自签名证书。它也有效!这似乎不安全。有人知道你是否需要在这种方法中做些什么来阻止某些证书被接受?
I use code that does basic HTTP authentication, see below. This works fine in IOS 5. But now we changed the protocol to https and we used a fake, self signed, certificate. It also worked! This seems insecure. Does anybody know if you need to do something in this method to prevent certain certificates to be accepted?
- (void)connection:(NSURLConnection *)connection willSendRequestForAuthenticationChallenge:
(NSURLAuthenticationChallenge *)challenge {
if ([challenge previousFailureCount] <= maxRetryCount ) {
NSURLCredential *newCredential =
[NSURLCredential
credentialWithUser: userName
password:password
persistence:NSURLCredentialPersistenceForSession];
[[challenge sender]
useCredential:newCredential
forAuthenticationChallenge:challenge];
}
else
{
NSLog(@"Failure count %d",[challenge previousFailureCount]);
}
}
推荐答案
它看起来我自己找到了答案。这会阻止无效的证书。
使用有效证书登录时仍需测试它是否有效。
It looks I found the answer myself. This blocks the invalid certificates. Still have to test if it works when logging in with a valid certificate.
- (void)connection:(NSURLConnection *)connection willSendRequestForAuthenticationChallenge:
(NSURLAuthenticationChallenge *)challenge {
if ([[[challenge protectionSpace] authenticationMethod] isEqualToString:@"NSURLAuthenticationMethodServerTrust"]) {
[[challenge sender] performDefaultHandlingForAuthenticationChallenge:challenge];
}
else {
if ([challenge previousFailureCount] <= maxRetryCount ) {
NSURLCredential *newCredential =
[NSURLCredential
credentialWithUser: userName
password:password
persistence:NSURLCredentialPersistenceForSession];
[[challenge sender]
useCredential:newCredential
forAuthenticationChallenge:challenge];
}
else
{
NSLog(@"Failure count %d",[challenge previousFailureCount]);
}
}
}
这篇关于在ios5中阻止自签名的ssl证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文