使用 UIWebView 忽略无效的服务器证书 [英] Ignoring Invalid Server Certificates with UIWebView
问题描述
我们有一个使用 UIWebView 来显示内容的 iOS 应用.我们使用如下代码加载数据:
We have an iOS app that uses a UIWebView to display content. We load it up with data with code that looks like this:
NSURL *url = [NSURL URLWithString:myURLString];
NSURLRequest *request = [NSURLRequest requestWithURL:url];
[_webView setDelegate:self];
[_webView loadRequest:request];
这曾经可以很好地处理 HTTP 请求,但现在我们对具有自签名 SSL 证书的服务器使用 HTTPS.运行上述代码时,会调用 webView:didFailLoadWithError: 委托方法,并出现以下错误:
This used to work fine with HTTP requests, but now we are using HTTPS against a server with a self-signed SSL certificate. When the above is run, the webView:didFailLoadWithError: delegate method gets called, with this error:
此服务器的证书无效.您可能正在连接到伪装成blah.blah.blah.com"的服务器,这可能会使您的机密信息面临风险."
The certificate for this server is invalid. You might be connecting to a server that is pretending to be "blah.blah.blah.com" which could put your confidential information at risk."
我想简单地忽略无效证书并继续请求,就像在 Mobile Safari 中所做的那样.
I would like to simply ignore the invalid certificate and go on with the request, as one can do in Mobile Safari.
我已经了解如何在使用 NSURLConnection 时解决此问题(请参阅 旧 iphone 3g 上的 HTTPS 请求,例如),但是 UIWebView 可以做什么?
I have seen how to work around this issue when using NSURLConnection (see HTTPS request on old iphone 3g, for example), but what can one do with a UIWebView?
我想我可以重新编写代码,以便它使用 NSURLConnection 发出请求,然后通过调用其 loadHTMLString:baseURL: 将结果放入 Web 视图中方法,但是当页面包含图像、CSS、JavaScript 等时,这将变得复杂.有没有更简单的方法?
I imagine that I could rework the code so that it uses NSURLConnection to make the requests and then puts the results into the web view by calling its loadHTMLString:baseURL: method, but that's going to get complicated when the pages have images, CSS, JavaScript, and so on. Is there an easier way?
推荐答案
请注意:目前不支持此 API,仅应在安全的测试环境中使用.有关详细信息,请查看此 CocoaNetics 文章.
Please note: This API is currently unsupported, and should really only be used in a safe testing environment. For further details, take a look at this CocoaNetics article.
[NSURLRequest setAllowsAnyHTTPSCertificate:YES forHost:[url host]]; 将允许您忽略证书错误.您还需要在文件开头添加以下内容,以授予您对这些私有 API 的访问权限:
[NSURLRequest setAllowsAnyHTTPSCertificate:YES forHost:[url host]]; will allow you to ignore certificate errors. You will also need to add the following to the beginning of your file to grant you access to these private APIs:
@interface NSURLRequest (DummyInterface)
+ (BOOL)allowsAnyHTTPSCertificateForHost:(NSString*)host;
+ (void)setAllowsAnyHTTPSCertificate:(BOOL)allow forHost:(NSString*)host;
@end
这篇关于使用 UIWebView 忽略无效的服务器证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
