我想使用iOS客户端访问Java服务器。对于我使用Thrift的通信。如果我建立连接,我收到以下错误消息:
CFNetwork SSLHandshake failed (-9807)
Error occured opening stream: Error Domain=NSOSStatusErrorDomain Code=-9807 "The operation couldn’t be completed. (OSStatus error -9807.)"
Error TTransportException: Error writing to transport output stream.
userInfo = {
error = "Error Domain=NSOSStatusErrorDomain Code=-9807 \"The operation couldn\U2019t be completed. (OSStatus error -9807.)\"";
}
我的iOS客户端的代码:
TSSLSocketClient *transportSSL = [[TSSLSocketClient alloc] initWithHostname:_host port:_port];
TFramedTransport *mTransport = [[TFramedTransport alloc] initWithTransport:transportSSL];
TBinaryProtocol *protocol = [[TBinaryProtocol alloc]
initWithTransport:mTransport
strictRead:YES
strictWrite:YES];
TMultiplexedProtocol *profilePrtcl = [[TMultiplexedProtocol alloc] initWithProtocol:protocol serviceName:@"ProfileService"];
self.service = [[ProfileServiceClient alloc] initWithProtocol:profilePrtcl];
我的Java服务器代码:
TSSLTransportFactory.TSSLTransportParameters params = new TSSLTransportFactory.TSSLTransportParameters();
params.setKeyStore("/path/to/keystore.jks", "Password");
this.serverTransport = TSSLTransportFactory.getServerSocket(port,10000, InetAddress.getByName("localhost"), params);
TServer server = new TThreadPoolServer(new TThreadPoolServer.Args(serverTransport).processor(processor));
server.serve()
我是否不向客户端添加证书?
修改
在TSSLSocketClient中有一个方法:
- (id) initWithHostname: (NSString *) hostname port: (int) port
在第91行可以找到以下代码:
NSDictionary *settings = [NSDictionary dictionaryWithObjectsAndKeys:(id)kCFBooleanTrue, (id)kCFStreamSSLValidatesCertificateChain, nil];
我更改了代码如下:
NSDictionary *settings = [[NSDictionary alloc] initWithObjectsAndKeys:
[NSNumber numberWithBool:YES],
kCFStreamSSLAllowsExpiredCertificates,
[NSNumber numberWithBool:YES],
kCFStreamSSLAllowsAnyRoot,
[NSNumber numberWithBool:NO],
kCFStreamSSLValidatesCertificateChain,
kCFNull,kCFStreamSSLPeerName,
nil];
现在我收到以下错误:
Certificate trust failure
Cannot trust certificate. TrustResultType: 5