ios 从 http 切换到 https。证书无效
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/12447318/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Switching from http to https. Invalid certificate
提问by Darren
I have an app that connects to my home routers web interface. I want to convert this to use https instead of just http.
I was originally using ASIHttpRequest, but as it's no longer supported i'm switching over to AFNetworking.
The problem is, whenever I try to connect, I get this errormessage:
我有一个应用程序可以连接到我的家用路由器 Web 界面。我想将其转换为使用 https 而不仅仅是 http。我最初使用的是ASIHttpRequest,但由于不再受支持,我将切换到AFNetworking. 问题是,每当我尝试连接时,都会收到以下错误消息:
_block_invoke_0220 [Line 243] ERROR: Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “192.168.1.1” which could put your confidential information at risk." UserInfo=0x9792ad0 {NSErrorFailingURLStringKey=https://192.168.1.1/Info.live.htm, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSErrorFailingURLKey=https://192.168.1.1/Info.live.htm, NSLocalizedDescription=The certificate for this server is invalid. You might be connecting to a server that is pretending to be “192.168.1.1” which could put your confidential information at risk., NSUnderlyingError=0xa6a3560 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “192.168.1.1” which could put your confidential information at risk.", NSURLErrorFailingURLPeerTrustErrorKey=< SecTrustRef:
If I navigate to the url i safari, I get a message that Safari can't verify the identity.... and I have to click continue to carry on. How can I achieve this? I don't really know anything about ssl or https unfortunately. Here is the code i'm currently using:
如果我导航到 safari 的 url,我会收到一条消息,表明 Safari 无法验证身份....我必须单击继续才能继续。我怎样才能做到这一点?不幸的是,我对 ssl 或 https 一无所知。这是我目前使用的代码:
NSString *urlString = @"https://192.168.1.1/";
NSURL *url = [NSURL URLWithString:urlString];
// Set authorization
AFHTTPClient *httpClient = [[AFHTTPClient alloc] initWithBaseURL:url];
[httpClient setAuthorizationHeaderWithUsername:user password:pass];
NSURLRequest *request = [httpClient requestWithMethod:@"POST" path:@"Info.live.htm" parameters:nil];
AFHTTPRequestOperation *operation = [[AFHTTPRequestOperation alloc] initWithRequest:request];
[operation setCompletionBlockWithSuccess:^(AFHTTPRequestOperation *operation, id responseObject) {
NSString *responceString = [operation responseString];
// NSLog(@"%@",responceString);
if ([self parseInfoLive:responceString])
[[NSNotificationCenter defaultCenter] postNotificationName:@"downloadsComplete" object:nil];
}
failure:^(AFHTTPRequestOperation *operation, NSError *error) {
NSLog(@"ERROR: %@",error.description);
}];
[operation start];
回答by Till
For getting around the validity check of the host certificate, add the following code.
为了绕过主机证书的有效性检查,添加以下代码。
First add an interface for the setter method that is already within the SDK but not exposed into public:
首先为已经在 SDK 中但未公开的 setter 方法添加一个接口:
@interface NSURLRequest(Private)
+(void)setAllowsAnyHTTPSCertificate:(BOOL)inAllow forHost:(NSString *)inHost;
@end
Now, whenever you are rendering a new request, invoke that setter:
现在,每当您呈现新请求时,请调用该 setter:
[NSURLRequest setAllowsAnyHTTPSCertificate:YES forHost:[inURL host]];
Warning
警告
Do not use this code for production but only while developing your app in cases where the certificate is not yet approved/submitted/installed. Typical would be the use of a development server that does not have a trusted certificate installed. The use of this code will get your App rejected from distribution via iTunes as it uses a private API method.
不要将此代码用于生产,而只能在证书尚未批准/提交/安装的情况下开发您的应用程序时使用。典型的情况是使用未安装受信任证书的开发服务器。使用此代码将使您的应用程序拒绝通过 iTunes 分发,因为它使用私有 API 方法。
For making sure that things work smoothly in a production environment, you will have to get a trusted SSL certificate for your host. There are various authoritative companies providing such thing. To mention at least one (there are MANY more), you could use GoDaddy.
为了确保在生产环境中顺利运行,您必须为您的主机获得一个受信任的 SSL 证书。有各种权威公司提供这样的东西。要提及至少一个(还有很多),您可以使用GoDaddy。
Update (31st May 2013)
更新(2013 年 5 月 31 日)
AFNetworking got updatedto support invalid certificates out of the box, without using any private API's. Kudos to Peter Steinberger!
AFNetworking 已更新以支持开箱即用的无效证书,而无需使用任何私有 API。向彼得斯坦伯格致敬!
For enabling that feature, the most convenient solution is to add the following to your prefix header (.pch):
要启用该功能,最方便的解决方案是将以下内容添加到前缀标头 (.pch) 中:
#ifdef DEBUG
#define _AFNETWORKING_ALLOW_INVALID_SSL_CERTIFICATES_
#endif
Once again, I can not emphasize enough that you should refrain from enabling that feature in production code - you would pretty much invalidate the entire point of SSL connections and render them vulnerable.
再次强调,您应该避免在生产代码中启用该功能 - 您几乎会使 SSL 连接的整个点无效并使它们容易受到攻击。
回答by Jayprakash Dubey
This URL from Apple documentation might help Check this link
Apple 文档中的此 URL 可能有助于检查此链接
In the above document read Introduction section.
在上面的文档中阅读介绍部分。
