我在服务器上有自签名证书验证。
当我尝试在mac上的浏览器中使用api https://wikiroutes.info/test/api/ios/getCities时,它只在我接受.p12证书时才能工作。我无法在AFNetworking中找到可以输入.p12密码的位置。我也有文件.der,但是当我使用它时,我在代码kSecTrustResultRecoverableTrustFailure上有错误SecTrustEvaluate(allowedTrust, &result)
我的代码
NSString* fileRoot = [[NSBundle mainBundle] pathForResource:@"cert.pem" ofType:@"der"];
NSData *certData = [[NSData alloc] initWithContentsOfFile:fileRoot];
AFSecurityPolicy *securityPolicy = [[AFSecurityPolicy alloc] init];
securityPolicy.SSLPinningMode = AFSSLPinningModeCertificate;
[securityPolicy setAllowInvalidCertificates:YES];
securityPolicy.pinnedCertificates = @[certData];
AFHTTPRequestOperationManager *operationManager = [[AFHTTPRequestOperationManager alloc] initWithBaseURL:[NSURL URLWithString:@"https://wikiroutes.info"]];
operationManager.responseSerializer.acceptableContentTypes = [NSSet setWithObject:@"text/plain"];
operationManager.securityPolicy = securityPolicy;
[operationManager GET:@"test/api/ios/getCities" parameters:nil success:^(AFHTTPRequestOperation *operation, id responseObject) {
NSLog(@"response %@",responseObject);
} failure:^(AFHTTPRequestOperation *operation, NSError *error) {
NSLog(@"error %@",error);
}];
这是我的测试项目。 https://www.dropbox.com/s/410w5bau3e3slx9/testApp.zip
其证书文件
https://www.dropbox.com/s/hk9hywri37wxpet/cert.pem.der https://www.dropbox.com/s/2cpfhokh59jo15d/cert.p12(密码 - nM123456)
答案 0 :(得分:0)
据我记忆,AFNetworking使用" .cer"自动搜索DER格式的证书。扩展,因此您需要转换您的PEM证书,如下所示:
openssl x509 -in cert.pem -outform der -out cert.cer