在 XCode (iOS) 中发送 HTTPS 请求
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/12859427/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Send HTTPS Request in XCode (iOS)
提问by Christian Pappenberger
I need your help :)
我需要你的帮助 :)
I'm about changing the http request into a https request from my app. For now I have used ASIHTTPRequestand followed this tutorial. You have to know that I am a total beginner in this area of https and ssl. I appreciate any help, really.
我要从我的应用程序将 http 请求更改为 https 请求。现在我已经使用了ASIHTTPRequest并遵循了本教程。您必须知道,我是 https 和 ssl 领域的完全初学者。我感谢任何帮助,真的。
This is the code of my http request:
这是我的http请求的代码:
- (void)fetchDataFromServer{
// Create Instance
ASIFormDataRequest *request = [[ASIFormDataRequest alloc] initWithURL:url];
// Parameter der POST Anfrage setzen
[request setPostValue:@"anything" forKey:@"app_action"];
[request setValidatesSecureCertificate:NO]; // no certificate so far
request.delegate = self; // assign delegate
[request startAsynchronous]; // send request
}
}
That worked fine. But now I need to protect the data connection and therefore I have to use https.
那工作得很好。但是现在我需要保护数据连接,因此我必须使用https。
How can I realize this need? Is ASIHTTPRequestthe right thing for that and it is even supporting that? What do I need to know of the certificate in the server?
我怎样才能意识到这种需求?ASIHTTPRequest是否适合它,它甚至支持它?关于服务器中的证书,我需要知道什么?
Please tell me everything you know :)
请告诉我你知道的一切:)
Thank you very much - you're the best.
非常感谢 - 你是最棒的。
Regards Chris
问候克里斯
采纳答案by Jeffery Thomas
Certificate validation is a good thing and should nearly always be done. You do not need to disable it for HTTP requests.
证书验证是一件好事,几乎应该始终进行。您不需要为 HTTP 请求禁用它。
There is really only one exception to this rule. If you must connect to a HTTPS web service which does not have a properly signed certificate by a trusted certificate authority, then you must to turn certificate validation off.
这一规则实际上只有一个例外。如果您必须连接到没有由受信任的证书颁发机构正确签署的证书的 HTTPS Web 服务,则必须关闭证书验证。
Why your web service might not have a valid certificate
为什么您的 Web 服务可能没有有效证书
- You're being hacked! This is the reason for certificates and certificate validation.
- The web service is running on a badly configured SSL server.
- The certificate has expired and the server isn't being kept up.
- The owner of the web service is too cheap to pay for having his certificate signed by a trusted certificate authority.
- A development server that isn't exposed to the public may not be worth the trouble of getting a signed certificate.
- 你被黑客入侵了!这就是证书和证书验证的原因。
- Web 服务正在错误配置的 SSL 服务器上运行。
- 证书已过期,服务器未得到维护。
- Web 服务的所有者支付其证书由受信任的证书颁发机构签名的费用太低了。
- 未向公众公开的开发服务器可能不值得为获得签名证书而烦恼。
How to know if the web service doesn't have a properly signed certificate
如何知道 Web 服务是否没有正确签名的证书
- Visit the web service in a web browser and see if you get a certificate error.
- Check for an invalid certificate error within your app.
- 在 Web 浏览器中访问 Web 服务,查看是否出现证书错误。
- 检查您的应用程序中是否存在无效证书错误。
Alternatives to turning certificate validation off
关闭证书验证的替代方法
- Get your certificate signed by a trusted certificate authority.
- Create your own certificate authority, sign your certificate with your own certificate authority, and install your certificate authority as a trusted certificate authority on the iOS device.
- 让受信任的证书颁发机构签署您的证书。
- 创建您自己的证书颁发机构,使用您自己的证书颁发机构签署您的证书,并将您的证书颁发机构安装为 iOS 设备上受信任的证书颁发机构。
