https连接中的NSURLSession / NSURLConnection HTTP加载失败(kCFStreamErrorDomainSSL,-9802)错误

时间:2015-08-25 12:01:10

标签: objective-c iphone amazon-s3 https ios9

在iOS 9中,我使用基本的NSURLConnection命中了网址https://s3.amazonaws.com/furniture.retailcatalog.us/products/2061/6262u9665.jpg

NSOperationQueue *completionQueue = [NSOperationQueue mainQueue];
    NSURLSessionConfiguration *configuration = [NSURLSessionConfiguration defaultSessionConfiguration];
    self.mURLSession = [NSURLSession sessionWithConfiguration:configuration delegate:nil delegateQueue:completionQueue];

    NSURLRequest *request = [NSURLRequest requestWithURL:[NSURL URLWithString:@"https://s3.amazonaws.com/furniture.retailcatalog.us/products/2061/6262u9665.jpg"]];
    NSURLSessionDataTask *dataTask = [self.mURLSession dataTaskWithRequest:request completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {
        NSLog(@"%@",error);
    }];
    [dataTask resume];

但是收到此错误

错误Domain = NSURLErrorDomain Code = -1200“发生SSL错误,无法与服务器建立安全连接。” UserInfo = {NSLocalizedDescription =发生了SSL错误,无法与服务器建立安全连接。,NSLocalizedRecoverySuggestion =您是否要连接到服务器?,_kCFStreamErrorDomainKey = 3,NSUnderlyingError = 0x7c1075e0 {错误域= kCFErrorDomainCFNetwork代码= - 1200“(null)”UserInfo = {_ kCFStreamPropertySSLClientCertificateState = 0,_kCFNetworkCFStreamSSLErrorOriginalValue = -9802,_kCFStreamErrorCodeKey = -9802,_kCFStreamErrorDomainKey = 3,kCFStreamPropertySSLPeerTrust =,kCFStreamPropertySSLPeerCertificates = {type = immutable,count = 3,values =(     0:     1:     2: }}},_kCFStreamErrorCodeKey = -9802,NSErrorFailingURLStringKey = https://s3.amazonaws.com/furniture.retailcatalog.us/products/2061/6262u9665.jpg,NSErrorPeerCertificateChainKey = {type = immutable,count = 3,values =(     0:     1:     2: ),NSErrorClientCertificateStateKey = 0,NSURLErrorFailingURLPeerTrustErrorKey =,NSErrorFailingURLKey = https://s3.amazonaws.com/furniture.retailcatalog.us/products/2061/6262u9665.jpg}

即使这是https连接,为什么我会收到这个奇怪的错误。任何人都可以让我知道。

4 个答案:

答案 0 :(得分:27)

根据Apple tech note,App Transport Security需要SHA-2。 S3(和CloudFront)证书使用SHA-1,这就是发生此故障的原因。

解决方法是将NSExceptionRequiresForwardSecrecy设置为false。 (这是在AWS转移到SHA-2(by September 30th, 2015))之前。

SHA-1 Signature

答案 1 :(得分:7)

我也遇到了这个问题。不幸的是,我无法告诉你为什么这种情况发生 - S3似乎符合前方保密要求(at least according to this answer):

Adams-MacBook-Pro:tmp Adam$ curl -kvI https://s3.amazonaws.com
* Rebuilt URL to: https://s3.amazonaws.com/
*   Trying 54.231.32.128...
* Connected to s3.amazonaws.com (54.231.32.128) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

解决方法which I found here是为您的应用的Info.plist文件添加一个例外,不需要保密:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>s3.amazonaws.com</key>
        <dict>
            <key>NSExceptionRequiresForwardSecrecy</key>
            <false/>
        </dict>
    </dict>
</dict>

据我所知,这是您可以降低内置安全性以连接到Amazon S3的最低金额。

答案 2 :(得分:2)

在此处提供的其他答案以及here的帮助下,我修复了需要连接到多个cloudfront.net子域的应用程序,并添加了plist:

IE.document.all("_qf_GPDetail_submit_csv").Click

答案 3 :(得分:0)

对我来说,解决方案是为域添加此例外:

<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>xxx.com</key>
        <dict>
            <key>NSThirdPartyExceptionAllowsInsecureHTTPLoads</key>
            <true/>
        </dict>
    </dict>
</dict>
相关问题
最新问题