我想在我的应用中验证SSL证书,我正在使用AFNetworking来验证证书。
对于SSL验证,我使用的是openssl,libcrypto.a和libssl.a
我的问题是验证过程是使用NSURLConnection委托方法完成的,但是使用AFNetworking它不起作用。
NSURL *url = [NSURL URLWithString:@"https://www.google.com"];
NSURLRequest *req = [NSURLRequest requestWithURL:url];
AFHTTPRequestOperation *operation = [[AFHTTPRequestOperation alloc] initWithRequest:req];
[operation setCompletionBlockWithSuccess: ^(AFHTTPRequestOperation *operation, id responseObject) {
NSString *stringResponse = [[NSString alloc] initWithData:responseObject
encoding:NSUTF8StringEncoding];
// [self.webView loadHTMLString:stringResponse baseURL:nil];
NSLog(@"Responce-->>%@",stringResponse);
} failure: ^(AFHTTPRequestOperation *operation, NSError *error) {
// [self.webView loadHTMLString:error.localizedDescription baseURL:nil];
NSLog(@"Responce-->>%@",error.localizedDescription);
}];
[operation start];
[operation setWillSendRequestForAuthenticationChallengeBlock:^(NSURLConnection *connection, NSURLAuthenticationChallenge *challenge)
{
if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust])
{
// By now, the OS will already have built a SecTrustRef instance for
// the server certificates; we just need to evaluate it
SecTrustRef serverTrust = challenge.protectionSpace.serverTrust;
SecTrustResultType res;
OSStatus status = SecTrustEvaluate(serverTrust, &res);
bool verified = FALSE;
if (status == errSecSuccess && ((res == kSecTrustResultProceed) || (res == kSecTrustResultUnspecified)))
{
NSLog(@"iOS certificate chain validation for host %@ passed", challenge.protectionSpace.host);
verified = verifyWithOpenSSL(serverTrust);
}
else
{
NSLog(@"iOS certificate chain validation for host %@ failed", challenge.protectionSpace.host);
}
if (verified)
{
// If *both* verifications succeeded, then continue with the connection
NSURLCredential *successCredential = [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust];
[challenge.sender useCredential:successCredential
forAuthenticationChallenge:challenge];
}
else
{
[challenge.sender cancelAuthenticationChallenge:challenge];
}
} else {
[challenge.sender continueWithoutCredentialForAuthenticationChallenge:challenge];
}
}];
这是用于验证的AFNetworking代码,我不知道它是错还是正确。
但是这个过程完全适用于NSURLConnection。
所以请帮忙。
答案 0 :(得分:0)
AFNetworking 2让这很容易。首先,将您的SSL证书添加到您的应用包中。证书应具有.cer扩展名。其次,为您的操作设置securityPolicy
:
operation.securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModePublicKey];
默认情况下,AFNetworking将针对与您的应用捆绑在一起的远程证书验证远程证书,确保域名正确,两者都使用相同的密钥对发出,并且证书链有效。