使用AFNetworking进行SSL固定会发送NSURLErrorDomain -1012

时间:2014-09-24 15:46:59

标签: ios ssl afnetworking afnetworking-2

我正在尝试使用固定SSL自签名证书与Web服务进行通信这里是AFSecurityPolicy的设置:

- (AFSecurityPolicy *)securityPolicy
{
    NSString *caPath = [[NSBundle mainBundle] pathForResource:@"ca" ofType:@"cer"];
    NSString *clientPath = [[NSBundle mainBundle] pathForResource:@"client" ofType:@"cer"];
    NSData *caData = [NSData dataWithContentsOfFile:caPath];
    NSData *clientData = [NSData dataWithContentsOfFile:clientPath];

    AFSecurityPolicy *securityPolicy = [[AFSecurityPolicy alloc]init];
    securityPolicy.pinnedCertificates = @[caData,clientData];
    securityPolicy.SSLPinningMode = AFSSLPinningModeCertificate;

    securityPolicy.allowInvalidCertificates = YES;

    return securityPolicy;
}

我正在使用AFHTTPRequestOperation,如下所示:

AFHTTPRequestOperation *operation = [[AFHTTPRequestOperation alloc]initWithRequest:[NSURLRequest requestWithURL:[NSURL URLWithString:@"https://someurl"]]];
    [operation setCompletionBlockWithSuccess:^(AFHTTPRequestOperation *operation, id responseObject) {
        NSLog(@"Success");
    } failure:^(AFHTTPRequestOperation *operation, NSError *error) {
        NSLog(@"%@",error.description);
    }];
    operation.securityPolicy = [self securityPolicy];
    [operation start];

我在应用程序包中有 ca 客户端证书,但它似乎不起作用,我尝试了几乎所有我找不到的东西。

输出结果为:

  

错误域= NSURLErrorDomain代码= -1012“无法完成操作。

PS:validatesCertificateChain = NO无效。

我正在使用最新版本的AFNetworking。

更新

为了测试我尝试使用libcurl for iOS查询服务器,并且使用P12证书在几次打嗝之后连接完成了:

CURLcode res;

curl_global_init(CURL_GLOBAL_DEFAULT);

_curl = curl_easy_init();
if(_curl) {
    curl_easy_setopt(_curl, CURLOPT_URL, "annoying https url");


    curl_easy_setopt(_curl, CURLOPT_SSL_VERIFYHOST,0L);
    curl_easy_setopt(_curl, CURLOPT_SSL_VERIFYPEER,0L);

    curl_easy_setopt(_curl,CURLOPT_KEYPASSWD,"p12 password");


    const char *pCertFile = [[NSBundle mainBundle]pathForResource:@"client" ofType:@"p12"].UTF8String;
    const char *pCACertFile= [[NSBundle mainBundle]pathForResource:@"ca" ofType:@"crt"].UTF8String;

    curl_easy_setopt(_curl,CURLOPT_SSLCERT,pCertFile);
    curl_easy_setopt(_curl,CURLOPT_CAINFO,pCACertFile);


        /* Perform the request, res will get the return code */
        res = curl_easy_perform(_curl);
        /* Check for errors */ 
        if(res != CURLE_OK)
            fprintf(stderr, "curl_easy_perform() failed: %s\n",
                    curl_easy_strerror(res));
        /* we are done... */

    /* always cleanup */
    curl_easy_cleanup(_curl);
}

curl_global_cleanup();

所以这意味着在所有证书合适之后,问题出在其他地方,有人有洞察力吗?

PS:重新编写应用程序并且使用curl不是一个选项,因为我的实习在下周结束,我真的想要使用AFNetworking解决这个问题,因为应用程序已经相应地创建了。

0 个答案:

没有答案
相关问题
最新问题