SSLHandshake失败(-9808),带有自签名根证书

时间:2015-10-26 07:54:47

标签: ios ssl ssl-certificate afnetworking afnetworking-2

我有自定义硬件设备和REST API。设备具有自签名根证书。我正在尝试进行简单的GET调用,但我的所有请求都失败了:

CFNetwork SSLHandshake failed (-9808)
NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9808)

更多说明:

CFNetwork SSLHandshake failed (-9808)
NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9808)
Error Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “192.168.68.97” which could put your confidential information at risk." UserInfo={NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0x7fa2fb219530>, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9808, NSErrorPeerCertificateChainKey=<CFArray 0x7fa2fb20ffd0 [0x1016d37b0]>{type = immutable, count = 1, values = (
    0 : <cert(0x7fa2f954a2e0) s: selfSignedRootCertificate i: selfSignedRootCertificate>
)}, NSUnderlyingError=0x7fa2fb3018e0 {Error Domain=kCFErrorDomainCFNetwork Code=-1202 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x7fa2fb219530>, _kCFNetworkCFStreamSSLErrorOriginalValue=-9808, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9808, kCFStreamPropertySSLPeerCertificates=<CFArray 0x7fa2fb20ffd0 [0x1016d37b0]>{type = immutable, count = 1, values = (
    0 : <cert(0x7fa2f954a2e0) s: selfSignedRootCertificate i: selfSignedRootCertificate>
)}}}, NSLocalizedDescription=The certificate for this server is invalid. You might be connecting to a server that is pretending to be “192.168.68.97” which could put your confidential information at risk., NSErrorFailingURLKey=https://192.168.68.97/api/switch/ctrl?switch=1&action=on, NSErrorFailingURLStringKey=https://192.168.68.97/api/switch/ctrl?switch=1&action=on, NSErrorClientCertificateStateKey=0}

我在AFHTTPSessionManger的子类中的代码是

  NSData *myCertificate = [NSData dataWithContentsOfFile: [[NSBundle mainBundle] pathForResource:@"selfSignedRootCertificate" ofType:@"cer"]];
    AFSecurityPolicy *securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModePublicKey];
    securityPolicy.validatesDomainName = NO;
    securityPolicy.allowInvalidCertificates = YES;
    securityPolicy.pinnedCertificates = @[myCertificate];

我试图根据iOS 9.0中的变化向plist添加异常

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>

我不知道我做错了什么。我的观点是将我的自签名根证书固定到app以便能够使用https连接。能否以正确的方式帮助我如何做到这一点?

我有AFNetworking(2.6.1)。

感谢您的帮助!

1 个答案:

答案 0 :(得分:0)

所以我终于找到了问题的根源。问题出在自定义硬件设备上的ssl-library中。重新实现硬件后,一切都像魅力一样。

相关问题
最新问题