如何验证SSL证书

时间:2014-04-09 09:33:31

标签: ios5 ssl-certificate nsurl afnetworking-2 nsurlconnectiondelegate

我想在我的应用中验证SSL证书,我正在使用AFNetworking来验证证书。

对于SSL验证,我使用的是openssl,libcrypto.a和libssl.a

我的问题是验证过程是使用NSURLConnection委托方法完成的,但是使用AFNetworking它不起作用。

 NSURL *url = [NSURL URLWithString:@"https://www.google.com"];
    NSURLRequest *req = [NSURLRequest requestWithURL:url];

AFHTTPRequestOperation *operation = [[AFHTTPRequestOperation alloc] initWithRequest:req];
    [operation setCompletionBlockWithSuccess: ^(AFHTTPRequestOperation *operation, id responseObject) {

        NSString *stringResponse = [[NSString alloc] initWithData:responseObject
                                                         encoding:NSUTF8StringEncoding];
//        [self.webView loadHTMLString:stringResponse baseURL:nil];
        NSLog(@"Responce-->>%@",stringResponse);

    } failure: ^(AFHTTPRequestOperation *operation, NSError *error) {

//        [self.webView loadHTMLString:error.localizedDescription baseURL:nil];
        NSLog(@"Responce-->>%@",error.localizedDescription);

    }];

    [operation start];

    [operation setWillSendRequestForAuthenticationChallengeBlock:^(NSURLConnection *connection, NSURLAuthenticationChallenge *challenge)
     {

         if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust])
         {
             // By now, the OS will already have built a SecTrustRef instance for
             // the server certificates; we just need to evaluate it
             SecTrustRef serverTrust = challenge.protectionSpace.serverTrust;
             SecTrustResultType res;
             OSStatus status = SecTrustEvaluate(serverTrust, &res);

             bool verified = FALSE;
             if (status == errSecSuccess && ((res == kSecTrustResultProceed) || (res == kSecTrustResultUnspecified)))
             {
                 NSLog(@"iOS certificate chain validation for host %@ passed", challenge.protectionSpace.host);

                 verified = verifyWithOpenSSL(serverTrust);
             }
             else
             {
                 NSLog(@"iOS certificate chain validation for host %@ failed", challenge.protectionSpace.host);
             }

             if (verified)
             {
                 // If *both* verifications succeeded, then continue with the connection
                 NSURLCredential *successCredential = [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust];
                 [challenge.sender useCredential:successCredential
                      forAuthenticationChallenge:challenge];
             }
             else
             {

                 [challenge.sender cancelAuthenticationChallenge:challenge];
             }
         } else {

             [challenge.sender continueWithoutCredentialForAuthenticationChallenge:challenge];
         }


     }];

这是用于验证的AFNetworking代码,我不知道它是错还是正确。

但是这个过程完全适用于NSURLConnection。

所以请帮忙。

1 个答案:

答案 0 :(得分:0)

AFNetworking 2让这很容易。首先,将您的SSL证书添加到您的应用包中。证书应具有.cer扩展名。其次,为您的操作设置securityPolicy

operation.securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModePublicKey];

默认情况下,AFNetworking将针对与您的应用捆绑在一起的远程证书验证远程证书,确保域名正确,两者都使用相同的密钥对发出,并且证书链有效。