iOS 应用 SSL 握手失败
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/15768143/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
iOS app SSL handshake failed
提问by JLau_cy
I am making an app to login to an aspx website over HTTPS by passing login credentials in a post method. When checking the response using Charles Proxy I can see a SSL Handshake failed error from seal.verisign.com, I am then taken back to the login page. I am not sure what I need to do to solve this issue.
我正在制作一个应用程序,通过在 post 方法中传递登录凭据来通过 HTTPS 登录到 aspx 网站。使用 Charles Proxy 检查响应时,我可以看到来自 Seal.verisign.com 的 SSL Handshake failed 错误,然后我被带回登录页面。我不确定我需要做什么来解决这个问题。
I am testing this in the iPhone simulator.
我正在 iPhone 模拟器中对此进行测试。
I do not have access to the server implementation.
我无权访问服务器实现。
Any ideas?
有任何想法吗?
Thank you!
谢谢!
回答by Vaiden
On iOS >= 10.3, after installing the Charles Proxy certificate (as per @ashish-verma's excellent answer), you also need to enable it through Settings-> General-> About-> Certificate Trust Settings:
在 iOS >= 10.3 上,安装 Charles Proxy 证书后(根据@ashish-verma 的优秀回答),您还需要通过Settings-> General-> About-> Certificate Trust Settings启用它:
Full setup here: http://www.devsbedevin.net/debugging-ios-ssl-traffic/
完整设置在这里:http: //www.devsbedevin.net/debugging-ios-ssl-traffic/
回答by Ben Thomas
If installing the certificate still doesn't help you, then it may be due to SSL Pinning.
如果安装证书仍然对您没有帮助,则可能是由于 SSL Pinning。
From charlesproxy.com:
来自 charlesproxy.com:
SSL Pinning Note that some apps implement SSL certificate pinning which means they specifically validate the root certificate. Because the app is itself verifying the root certificate it will not accept Charles's certificate and will fail the connection. If you have successfully installed the Charles root SSL certificate and can browse SSL websites using SSL Proxying in Safari, but an app fails, then SSL Pinning is probably the issue.
SSL 锁定 请注意,某些应用程序实现了 SSL 证书锁定,这意味着它们专门验证根证书。因为应用程序本身正在验证根证书,所以它不会接受 Charles 的证书并且会导致连接失败。如果您已成功安装 Charles 根 SSL 证书,并且可以在 Safari 中使用 SSL 代理浏览 SSL 网站,但应用程序失败,则 SSL Pinning 可能是问题所在。
回答by Jalakoo
Perhaps testing on an actual device will give more insight?
也许在实际设备上进行测试会提供更多见解?
To do that in Charles:
要在查尔斯中做到这一点:
- Goto Proxy: Proxy Settings...
- Proxies tab: Enter "8888" in the HTTP Proxy port: field
- SSL Tab: make sure the "Enable SSL Proxying" is on
- 转到代理:代理设置...
- 代理选项卡:在 HTTP 代理端口:字段中输入“8888”
- SSL 选项卡:确保“启用 SSL 代理”已打开
On your dev machine:
在您的开发机器上:
- Goto System Preferences: Network: Wifi: Advanced: TCP/IP Tab: Make note of the IPV4 Address: (i.e. 10.0.1.101)
- 转到系统偏好设置:网络:Wifi:高级:TCP/IP 选项卡:记下 IPV4 地址:(即 10.0.1.101)
On your iDevice:
在您的 iDevice 上:
- Goto http://charlesproxy.com/charles.crtfrom your device and download Charles SSL certificate
- Okay the certificate as trusted (be sure to disable or remove it once you're done)
- Goto the Settings App: Wifi: Select the detailed disclosure button (round blue button with the white arrow) for your network
- Under HTTP Proxy, select "Manual"
- Enter in the address from step (dev machine 1.) into the Server field, and the port number from step (charles 2.)
- 从您的设备转到http://charlesproxy.com/charles.crt并下载 Charles SSL 证书
- 好的证书是可信的(完成后一定要禁用或删除它)
- 转到设置应用程序: Wifi:为您的网络选择详细的披露按钮(带有白色箭头的圆形蓝色按钮)
- 在 HTTP 代理下,选择“手动”
- 在服务器字段中输入步骤 (dev machine 1.) 中的地址,以及步骤 (charles 2.) 中的端口号
Finally:
最后:
- Restart Charles
- Run Safari on your iDevice to test. This should prompt Charles to display a dialog box to allow or deny SSL proxying. Obviously allow and you should be good to go.
- 重启查尔斯
- 在您的 iDevice 上运行 Safari 进行测试。这应该会提示 Charles 显示一个对话框来允许或拒绝 SSL 代理。显然允许,你应该很高兴。
More Info at Charles's site: http://www.charlesproxy.com/documentation/proxying/ssl-proxying/
查尔斯网站上的更多信息:http: //www.charlesproxy.com/documentation/proxying/ssl-proxying/
Also, are you getting a response to the connection:(NSURLConnection*)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge*)challenge method?
另外,您是否收到了对连接的响应:(NSURLConnection*)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge*)challenge 方法?
回答by Ashish Verma
You need to install SSL certificate to resolve this issue.
您需要安装 SSL 证书才能解决此问题。
Follow these steps
按着这些次序
Open Safaribrowser on iOSSimulator
Type "www.charlesproxy.com/getssl"in address bar
- Install the SSLcertificate
- Restart Charles Proxy
在iOS模拟器上打开Safari浏览器
键入“www.charlesproxy.com/getssl”在地址栏
- 安装SSL证书
- 重启Charles 代理
回答by gWiz
It is possible that the server doesn't have a valid certificate for the url you are using. Did you check that?
服务器可能没有您使用的 url 的有效证书。你检查了吗?
If you try the url using a browser, does it give you a warning?
如果您使用浏览器尝试 url,它是否会给您警告?
回答by Rotues Jia
You have to install SSL certificate on mobile device.
您必须在移动设备上安装 SSL 证书。
Search online for how to install SSL certificate for Charles Proxy.
在线搜索如何为 Charles Proxy 安装 SSL 证书。
回答by anton46
Remove all old user credentials, then Re-Install new ssl certificate.
删除所有旧用户凭据,然后重新安装新的 ssl 证书。
回答by Bruno Cunha
If running on the simulator, just restart both Charles Proxy and the simulator, making sure Charles Proxy starts first
如果在模拟器上运行,只需重启 Charles Proxy 和模拟器,确保 Charles Proxy 先启动
