objective-c - iOS中AFNetworking HTTPS配置不成功,谁碰到过同样的错误?
怪我咯
怪我咯 2017-04-18 09:45:47
0
2
1406

今天公司弄到了HTTPS证书 我在工程里配置 试了很多遍都报错

想问问大神错误在哪里

代码如下,以为是网络请求封装的不对,特意写了个简单的

NSDictionary *params = @{

                         @"mobile" : self.loginName,
                         @"password" : [RSA rsaPassword:self.password]
                         };
 
// 1.获得请求管理者
AFHTTPSessionManager *mgr = [AFHTTPSessionManager manager];
// 2.申明返回的结果是text/html类型
mgr.responseSerializer = [AFHTTPResponseSerializer serializer];
// /先导入证书
NSString *cerPath = [[NSBundle mainBundle] pathForResource:@"fullway" ofType:@"cer"];//证书的路径
NSData *certData = [NSData dataWithContentsOfFile:cerPath];
// AFSSLPinningModeCertificate 使用证书验证模式
AFSecurityPolicy *securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeCertificate];

// allowInvalidCertificates 是否允许无效证书(也就是自建的证书),默认为NO
// 如果是需要验证自建证书,需要设置为YES
securityPolicy.allowInvalidCertificates = YES;
 
//validatesDomainName 是否需要验证域名,默认为YES;
//假如证书的域名与你请求的域名不一致,需把该项设置为NO;如设成NO的话,即服务器使用其他可信任机构颁发的证书,也可以建立连接,这个非常危险,建议打开。
//置为NO,主要用于这种情况:客户端请求的是子域名,而证书上的是另外一个域名。因为SSL证书上的域名是独立的,假如证书上注册的域名是<a href="\"http://www.google.com\"" target="\"_blank\"" onclick="\"return" checkurl(this)\"="" id="\"url_1\"">www.google.com</a>,那么mail.google.com是无法验证通过的;当然,有钱可以注册通配符的域名*.google.com,但这个还是比较贵的。
//如置为NO,建议自己添加对应域名的校验逻辑。
securityPolicy.validatesDomainName = NO;
 
securityPolicy.pinnedCertificates = [NSSet setWithObject:certData];
 
 
 
// 加上这行代码,https ssl 验证。
[mgr setSecurityPolicy:securityPolicy];
 
// 3.发送POST请求
[mgr POST:[NSString stringWithFormat:@"%@%@",[WDGlobal global].BASE_URL,USER_LOGIN] parameters:params progress:^(NSProgress * _Nonnull uploadProgress) {
     
} success:^(NSURLSessionDataTask * _Nonnull task, id  _Nullable responseObject) {
     
    NSLog(@"请求成功 ---- %@",responseObject);
     
} failure:^(NSURLSessionDataTask * _Nullable task, NSError * _Nonnull error) {
     
        NSLog(@"\nerror--------------------->\n%@\n----------------------->>\nerror.code---\n%ld\n----------------------->>\nerror.localizedDescription\n%@",error,error.code,error.localizedDescription);
     
}];



这里是服务器返回的错误log


error--------------------->

Error Domain=NSURLErrorDomain Code=-1200 "发生了 SSL 错误,无法建立与该服务器的安全连接。" UserInfo={_kCFStreamErrorCodeKey=-9824, NSLocalizedRecoverySuggestion=您仍要连接此服务器吗?, NSUnderlyingError=0x174445580 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9824, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9824}}, NSLocalizedDescription=发生了 SSL 错误,无法建立与该服务器的安全连接。, NSErrorFailingURLKey=https://139.224.186.36:8443/p... NSErrorFailingURLStringKey=https://139.224.186.36:8443/p... _kCFStreamErrorDomainKey=3}


----------------------->>
error.code---
-1200
----------------------->>
error.localizedDescription
发生了 SSL 错误,无法建立与该服务器的安全连接。



安卓的同事可以访问

不知道哪里配置除了问题 一脸萌比
怪我咯
怪我咯

走同样的路,发现不同的人生

reply all(2)
阿神

Is your certificate given to you directly by the backend? If you try the following method, I just finished it a few days ago and encountered a problem. I forgot whether the errorCode is the same as yours.

Because AFNetworking does not base64 process the certificate, the certificate provided directly by the background cannot be used. You can try this method to get it: openssl s_client -connect www.mywebsite.com:443 </dev/null 2>/dev/null | openssl x509 -outform DER > myWebsite.cer Change the URL to yours, and the .cer file obtained in this way can be used directly by AFNetworking.

黄舟

I also encountered this problem today. It turned out that the certificate configured on the server was wrong. Apple required TLS1.2 and the server configuration was TLS1.0. Big hole

Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template