SSL problem on iPhone


Problem description

I've added an SSL certificate (from godaddy, but also tried rapidssl) to a website.

Safari, and IE can both browse to https:// and report that the certificate is valid, with no warnings. If, however, I try to browse to the same address from an iPhone I get an invalid certificate error. I'm using heroku as a host for the website in question.

Has anybody seen this? I'm stumped why 2 different iphones would fail to do this, but desktop browsers are just fine...

Recommended answer

The problem here turned out to be that the iPhone does not support Server Name Indication (SNI), which is required to make SNI SSL from heroku work. (EDIT) It is now supported on iOS 3.2 onwards.

You can confirm SNI by going to the following URL from Safari on the phone:

https://sni.velox.ch

I figured out I can set the following SSL setting in the iphone client:

kCFStreamSSLPeerName = Null

... and this fixes the problem. But I haven't figured out yet how this affects security - the docs aren't very clear.

As far as I understand this, when you set up a custom domain on a cloud host such as heroku, it points to a proxy, and that name doesn't match your certificate host name. Browsers such as Safari and IE support SNI, and know how to figure this out - but the phone doesn't.

As I said above, this is less of an issue now, unless you are supporting iOS 3.1.3 or less...
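
The mismatch described in the answer, and what turning off the peer name check changes, as an added model that is not part of the original answer or of heroku's or Apple's code. In CFStream, setting kCFStreamSSLPeerName to kCFNull disables host name verification; the host names, the certificate contents and the proxy's fallback behaviour below are constructed assumptions, and chain validation is assumed to succeed.

```python
# Added illustration: models SNI certificate selection and client name checking.
# All host names and certificate names below are constructed for the example.

def name_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style match: '*' may stand for the whole left-most label only."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] != "*" and p[0] != h[0]:
        return False
    return p[1:] == h[1:]

# Certificates the shared proxy holds, keyed by the SNI name they are served for.
# Each certificate is reduced to the list of DNS names it covers.
SNI_CERTS = {"www.example.com": ["www.example.com", "example.com"]}
DEFAULT_CERT = ["*.proxy-host.example"]  # assumed fallback when no SNI is sent

def select_cert(sni):
    """Proxy side: pick the certificate by SNI, else fall back to the default."""
    return SNI_CERTS.get(sni, DEFAULT_CERT)

def connect(host, send_sni=True, check_peer_name=True):
    """Client side: return (names in the presented certificate, accepted?).

    Chain validation is assumed to succeed; only the name check is modelled.
    check_peer_name=False models kCFStreamSSLPeerName set to kCFNull.
    """
    cert = select_cert(host if send_sni else None)
    if not check_peer_name:
        return cert, True  # any chain-valid certificate passes, whatever its name
    return cert, any(name_matches(n, host) for n in cert)

if __name__ == "__main__":
    cases = [
        ("SNI client (desktop browser, iOS 3.2+)", True, True),
        ("no SNI, name check on", False, True),
        ("no SNI, name check off", False, False),
    ]
    for label, sni, check in cases:
        cert, ok = connect("www.example.com", sni, check)
        print(f"{label:40} cert={cert} accepted={ok}")
```

In the third case the connection is accepted even though the certificate names a different host, so the client no longer has any assurance about which server it reached.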
