iOS-（kCFStreamErrorDomainSSL，-9813） [英] iOS - (kCFStreamErrorDomainSSL, -9813)

问题描述

连接到客户端服务器时，我得到（kCFStreamErrorDomainSSL，-9813）。

I'm getting (kCFStreamErrorDomainSSL, -9813) when connecting to a client's server.

客户端的服务器具有我无法更改的自签名证书。该应用程序正在使用AFNetworking3.x。我尝试了以下方法，但似乎无济于事。

The client's server has a self signed certificate that I can not change. The app is using AFNetworking 3.x. I've tried the following but nothing seems to work.

如果有人可以帮助我，将不胜感激。

If someone could help me, it will be much appreciated.

Info.plist：

Info.plist:

<key>NSAppTransportSecurity</key>
    <dict>
        <key>NSAllowsArbitraryLoads</key>
        <true/>
        <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
        <true/>

        <key>NSExceptionDomains</key>
        <dict>
            <key> *** CLIENT HOSTNAME *** </key>
            <dict>
                <key>NSIncludesSubdomains</key>
                <true/>
                <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
                <true/>
                <key>NSTemporaryExceptionMinimumTLSVersion</key>
                <string>TLSv1.0</string>
                <key>NSTemporaryExceptionRequiresForwardSecrecy</key>
                <false/>
            </dict>
        </dict>

    </dict>

AFNetworking连接管理器：

AFNetworking connection manager:

AFHTTPSessionManager *manager = [[AFHTTPSessionManager alloc]initWithSessionConfiguration:[NSURLSessionConfiguration defaultSessionConfiguration]];

#ifdef USE_SELF_SIGNED_CERT_RULES
    manager.securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeCertificate];
    manager.securityPolicy.allowInvalidCertificates = YES;
    manager.securityPolicy.validatesDomainName = YES;
#endif

推荐答案

我遇到了同样的问题。我尝试了您的解决方案，但没有成功。设置 allowInvalidCertificates ， validatesDomainName 和 AFSSLPinningModeCertificate 无法解决我的问题。经过大量的搜索之后，我看到了 AFSecurityPolicy 此类的结构。

I had the same problem. I tried your solution but it did not work. Settings allowInvalidCertificates , validatesDomainName and AFSSLPinningModeCertificate did not solved my problem. After going through lots of googling I saw the structure of AFSecurityPolicy this class.

此类中有一个函数

- (BOOL)evaluateServerTrust:(SecTrustRef)serverTrust
              forDomain:(nullable NSString *)domain;

您必须将 AFSecurityPolicy 子类化并返回<​​strong> YES

You have to subclass the AFSecurityPolicy and return YES in its implementation. Then you will be able to connect to your server.

我的客户端服务器也是自签名的。

My client server was also self-signed.

AFSecurityPolicy上的设置属性无法解决问题，我想知道为什么。

Settings properties on AFSecurityPolicy does not solve the problem, I wonder why.

这篇关于iOS-（kCFStreamErrorDomainSSL，-9813）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！