HTTPS 与 NSURLConnection - NSURLErrorServerCertificateUntrusted [英] HTTPS with NSURLConnection - NSURLErrorServerCertificateUntrusted

问题描述

我有一个通过 http 连接正常的应用程序.尝试 https 时，我收到错误消息，指出根证书不受信任.我找到了我的站点证书、它的 CA 证书和 CA 的根证书的 URL，并通过 Safari 将它们添加到手机中.现在，当我转到 Preferences -> General -> Profiles 时，我可以看到我所有的证书，这些证书一直沿链向上.每个证书上都有一个红色的未签名标签.仍然当我连接时，我收到 NSURLErrorServerCertificateUntrusted 错误.我正在想办法下一步要去哪里.

I have an application that connects fine over http. When trying https I got the error that says that the root cert is not trusted. I found URLs for my site certificate, its CA certificate, and the CA's root certificate and have added them through Safari to the phone. Now when I go to Preferences -> General -> Profiles I can see all my certificates that go all the way up the chain. There is a red unsigned label on each certificate. Still when I connect I get the NSURLErrorServerCertificateUntrusted error. I'm trying to figure where to go next.

任何帮助都会很棒.唯一可能影响这一点的另一件事是我正在连接到一个奇怪的端口.所以我的网址是 www.domain.com:port.端口号是否创建证书-域名不匹配?

Any help would be great. The only other thing that may affect this, is that I am connecting to an odd port. So my url is www.domain.com:port. Does the port number create a certificate - domain name mismatch?

现在我已经使用 iPhone 配置实用程序向手机添加了配置文件.它有我的根证书、ca 证书和站点证书.手机上的个人资料显示已验证.在详细信息中，我可以看到我的三个证书.但是当我尝试连接时，我仍然收到不受信任的证书错误.有什么建议吗?

Now I have used the iPhone Configuration Utility to add a configuration profile to the phone. It has my root certificate, ca certificate, and site certificate. The profile on the phone says its verified. In the details I can see my three certificates. But when I try to connect, I still get the untrusted certificate error. Any suggestions?

只是想看看其他人是否可以提供帮助?

Just trying to see if anyone else can help on this?

推荐答案

有一个受支持的 API，用于在 NSURLConnection 加载期间忽略错误的证书.为此，只需在您的 NSURLConnection 委托中添加类似的内容:

There is a supported API for ignoring bad certificates during NSURLConnection loads. To do so, simply add something like this to your NSURLConnection delegate:

- (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace {
  return [protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust];
}

- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
  if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust])
    if (... user allows connection despite bad certificate ...)
      [challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge];

  [challenge.sender continueWithoutCredentialForAuthenticationChallenge:challenge];
}

注意connection:didReceiveAuthenticationChallenge:可以在(很长时间)之后将其消息发送给challenge.sender，如果有必要，在向用户显示对话框等之后.

Note that connection:didReceiveAuthenticationChallenge: can send its message to challenge.sender (much) later, after presenting a dialog box to the user if necessary, etc.

这篇关于HTTPS 与 NSURLConnection - NSURLErrorServerCertificateUntrusted的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！