How to retrieve the ssl server certificate in iOS?


Question

I'd like to be able to get the ssl certificate (+chain if possible) to be able to display the distinguished name and to determine if it is an EV certificate. (detecting EV certs via certificate policies (wikipedia)

From what I've seen you only get presented with some certificate details if the certificate is self-signed.

Is it possible using lower layers like CFNetwork to retrieve the certificate(s)?

Recommended answer

via the macnetworkprog.lists.apple.com mailing list http://web.archiveorange.com/archive/v/x0fiWEI9emJFc36DY0UP and mentioned a few places in the Developer Forums


Well, the default TLS security policy should be sufficient, but if you want to get involved in this process you can do so (on iPhone OS 3.0 and later, and Mac OS X 10.6) by implementing the -connection:canAuthenticateAgainstProtectionSpace: and -connection:didReceiveAuthenticationChallenge: delegate callbacks, looking for an NSURLAuthenticationMethodServerTrust authentication method.

To do this:

  1. Implement the -connection:canAuthenticateAgainstProtectionSpace: delegate callback.

  2. In your implementation, if the authentication method of the protection space is NSURLAuthenticationMethodServerTrust, you have two choices:

2a. Return NO, and let the default TLS algorithm kick in.

2b. Return YES, in which case your -connection:didReceiveAuthenticationChallenge: delegate callback will be called.

If you want to look at the certificates before you make that decision, you can call -serverTrust on the protection space object to get a trust object, and then use the SecTrust API to get the certificate chain.


  3. If you take path 2b, your -connection:didReceiveAuthenticationChallenge: delegate callback will be called. You have two choices:

3a. Disallow the connection by calling -cancelAuthenticationChallenge: on the challenge's sender.

3b. Allow the connection by calling -useCredential:forAuthenticationChallenge: on the challenge's sender. To get a credential, call -[NSURLCredential initWithTrust:]. It doesn't actually matter what trust object you pass in here; the one from the protection space will do.

You don't have to do this synchronously. You can just latch the challenge and return from your delegate callback and then resolve the challenge at some point in the future.
