ios NSURLSession "HTTP 加载失败 kCFStreamErrorDomainSSL, -9813 ; 自签名证书
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/30791361/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
NSURLSession "HTTP load failed kCFStreamErrorDomainSSL, -9813 ; Self signing certificate
提问by Marcus
I'm trying to connect my iOS app to an HTTPS Rails app which is currently run on a local host in my network. I can access the site from my browser with https://myIP:3000/displayas well as in the command line with a curl request. I'm trying to access it from my app using:
我正在尝试将我的 iOS 应用程序连接到当前在我网络中的本地主机上运行的 HTTPS Rails 应用程序。我可以通过浏览器访问该站点,也可以通过https://myIP:3000/displaycurl 请求在命令行中访问该站点。我正在尝试使用以下方法从我的应用程序访问它:
class FirstViewController: UIViewController {
override func viewDidLoad() {
super.viewDidLoad()
//let url = NSURL(string: "https://another/Sinatra/website/feed")
let url = NSURL(string: "https://myIP:3000/display")
let request = NSURLRequest(URL: url!)
let task = NSURLSession.sharedSession().dataTaskWithURL(url!)
task!.resume()
}
When I try to access the sinatra website I have no trouble and can even print out the JSON to the console with the correct commands. However, when I set url to my Rails website I get the following error.
当我尝试访问 sinatra 网站时,我没有问题,甚至可以使用正确的命令将 JSON 打印到控制台。但是,当我将 url 设置为 Rails 网站时,出现以下错误。
NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813)
NSURLSession/NSURLConnection HTTP 加载失败(kCFStreamErrorDomainSSL,-9813)
In addition, I can tell that my localhost Rails app (on the other machine) is not pinged from the iOS app, but is pinged from the browser and curl command.
此外,我可以看出我的 localhost Rails 应用程序(在另一台机器上)不是从 iOS 应用程序 ping 的,而是从浏览器和 curl 命令 ping 的。
Any ideas how to fix this?
任何想法如何解决这一问题?
回答by Antoine
If I understood well, Apple now wants the developers to use HTTPS and TLS 1.2 for network calls.
如果我理解得很好,Apple 现在希望开发人员使用 HTTPS 和 TLS 1.2 进行网络调用。
Temporary, you can add this in your "Info.plist" file :
临时,您可以将其添加到“Info.plist”文件中:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
Just have a look to this link, it may also help you : http://ste.vn/2015/06/10/configuring-app-transport-security-ios-9-osx-10-11/
看看这个链接,它也可以帮助你:http: //ste.vn/2015/06/10/configuring-app-transport-security-ios-9-osx-10-11/
--
——
Update: Following some comments the above solution is not anymore working. Here is an updated solution.
更新:根据一些评论,上述解决方案不再有效。这是一个更新的解决方案。
- Go to your
Info.plistfile. - Add a row of Type
Dictionaryand of KeyApp Transport Security Settings. - In this Dictionary, add a row of Type
Boolean, of KeyAllow Arbitrary Loadsand of ValueYES
- 转到您的
Info.plist文件。 - 添加一行Type
Dictionary和KeyApp Transport Security Settings。 - 在此 Dictionary 中,添加一行Type
Boolean、KeyAllow Arbitrary Loads和ValueYES
-
——
Otherwise you can set Domain Exceptions. This is how to do :
否则你可以设置Domain Exceptions. 这是如何做的:
- Go to your
Info.plistfile. - Add a row of Type
Dictionaryand of KeyApp Transport Security Settings. - Add a row of Type
Dictionaryand of KeyException Domains. - Add a row of Type
Dictionaryand of KeyThe domain. - Add two rows of Type
Booleanand of KeyNSExceptionAllowsInsecureHTTPLoads&NSIncludesSubdomainswith ValuetoYES.
- 转到您的
Info.plist文件。 - 添加一行Type
Dictionary和KeyApp Transport Security Settings。 - 添加一行Type
Dictionary和KeyException Domains。 - 添加一行Type
Dictionary和KeyThe domain。 - 将两行Type
Boolean和KeyNSExceptionAllowsInsecureHTTPLoads&NSIncludesSubdomainswith Value 添加到YES。
Links
链接
https://forums.developer.apple.com/message/5857#5857
https://forums.developer.apple.com/message/5857#5857
回答by Brian
This is a trust issue. With a self-signed certificate, the identity verification component of SSL does not work. It's still possible to establish a secure connection so that nobody is eavesdropping, but the app cannot be sure of who is on the other end of the line.
这是一个信任问题。对于自签名证书,SSL 的身份验证组件不起作用。仍然可以建立安全连接,以便没有人窃听,但应用程序无法确定谁在线路的另一端。
I have a similar setup, and solved this issue by adding my self-signed root CA to the iPad trusted certificates. This root CA is used to sign all of my other development certificates. Then I just have to add this single root certificate anywhere that SSL will be used. If you just have a self-signed certificate that you are using directly, you can probably just add that.
我有一个类似的设置,并通过将我的自签名根 CA 添加到 iPad 受信任的证书解决了这个问题。这个根 CA 用于签署我所有的其他开发证书。然后我只需要在将使用 SSL 的任何地方添加这个单一的根证书。如果您只有一个直接使用的自签名证书,您可能只需添加它。
To get the certificate onto the device (or simulator), I put the file on my web server. Then just open it in Safari over plain HTTP. The Settings app should open and ask if you want to trust the certificate.
为了将证书放到设备(或模拟器)上,我将文件放在我的 Web 服务器上。然后只需通过普通 HTTP 在 Safari 中打开它。设置应用程序应打开并询问您是否要信任该证书。
Of course this is assuming that this is for development only, and that your production system has a certificate signed by a well-known authority (i.e. one included in the OS' database of root certificate authorities). Because asking end users to install your self-signed certificate won't fly.
当然,这是假设这仅用于开发,并且您的生产系统具有由知名机构签署的证书(即包含在操作系统的根证书颁发机构数据库中的证书)。因为要求最终用户安装您的自签名证书是行不通的。
回答by Anton P
This is the only solution worked for me... At the end of your AppDelegate.m file, insert the code:
这是唯一对我有用的解决方案...在 AppDelegate.m 文件的末尾,插入代码:
@implementation NSURLRequest(DataController)
+ (BOOL)allowsAnyHTTPSCertificateForHost:(NSString *)host
{
return YES;
}
@end
Thanks for jc ivancevich article http://ivancevich.me/articles/ignoring-invalid-ssl-certificates-on-cordova-android-ios/
感谢 jc ivancevich 文章http://ivancevich.me/articles/ignoring-invalid-ssl-certificates-on-cordova-android-ios/
回答by The Problem
(Edit - I misread this as 9814, expired cert. I'm not sure how to solve this one, but hopefully my response helps point in the right direction.)
(编辑 - 我将其误读为 9814,过期证书。我不确定如何解决这个问题,但希望我的回答有助于指出正确的方向。)
Looks like a cert issue different from the usual "Allow Arbitrary Loads" question.
看起来像一个不同于通常的“允许任意加载”问题的证书问题。
Brief excerpt from: Apple Documentation - Appendix A: Common Server Trust Evaluation Errors
简短摘录自:Apple 文档 - 附录 A:常见服务器信任评估错误
NSOSStatusErrorDomain errSSLNoRootCert -9813
NSOSStatusErrorDomain errSSLNoRootCert -9813
回答by Margaret López
try change the session variable, this change help me
尝试更改会话变量,此更改对我有帮助
let config = URLSessionConfiguration.default
let session = URLSession(configuration: config)
回答by rashmisingh622
Modifying the info.plist worked for me as well.
修改 info.plist 也对我有用。
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
回答by svkumar
NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813)
NSURLSession/NSURLConnection HTTP 加载失败(kCFStreamErrorDomainSSL,-9813)
Add a new row in your plist file.
在 plist 文件中添加一个新行。
