iOS 9 ATS even with AllowInsecureHTTPLoads & Allow Arbitrary Loads

Time: 2016-02-01 15:13:59

标签: ios swift ssl app-transport-security

So far I have tried every solution I have come across, but nothing has worked.

As I understand it, setting Allow Arbitrary Loads = YES in the App Transport Security Settings of my info.plist should turn off all of ATS.

Even so, I get NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813)

If I check my server with:

nscurl -ats-diagnostics --verbose https://apps-test.mydomain.com

all tests pass!

If I try to check the server's settings with TLSTool, I get the following:

mac08:bin brent$ TLSTool s_client -connect apps-test.mydomain.com:443
*  input stream did open
* output stream did open
* output stream has space
* protocol: TLS 1.2
* cipher: RSA_WITH_AES_256_GCM_SHA384
* trust result: unspecified
* certificate info:
*   0 rsaEncryption 2048 sha256-with-rsa-signature '*.mydomain.com'
*   1 rsaEncryption 2048 sha256-with-rsa-signature 'Go Daddy Secure Certificate Authority - G2'
*   2 rsaEncryption 2048 sha256-with-rsa-signature 'Go Daddy Root Certificate Authority - G2'

I wrote a simple iOS app that does nothing but try the following at runtime...

// Build a plain GET request for the test URL and start an NSURLConnection
// with self as the delegate (the delegate methods are not shown here).
NSString *url = @"https://apps-test.cticore.com/Home";
NSURLRequest *request = [NSURLRequest requestWithURL:[NSURL URLWithString:url]];
NSURLConnection *conn = [NSURLConnection connectionWithRequest:request delegate:self];

My App Transport Security Settings are set to Allow Arbitrary Loads = YES

I also turned on NSURLConnection debugging. It gave me the following:

Feb  1 08:24:09  SSLTest[70323] <Notice>: CFNetwork Diagnostics [1:1] 08:24:09.547 {
    LoaderWhatToDo
        Request: <CFURL 0x7cb74030 [0xd25098]>{string = https://apps-test.MyDomain.com/Home, encoding = 134217984, base = (null)}
    CachePolicy: 0
       WhatToDo: originload
    CreateToNow: 0.00942s
    } [1:1]
Feb  1 08:24:09  SSLTest[70323] <Notice>: CFNetwork Diagnostics [1:2] 08:24:09.549 {
    AddCookies Continue: request GET https://apps-test.MyDomain.com/Home HTTP/1.1
           HTTPProtocol: Task: 7c87a8c0
    } [1:2]
Feb  1 08:24:09  SSLTest[70323] <Notice>: CFNetwork Diagnostics [1:3] 08:24:09.550 {
    DiskCookieStorage Construction: Binary{ Disk Cookies: { /Users/brent/Library/Developer/CoreSimulator/Devices/013D0A33-776E-4E2A-9C55-304C7D907E9B/data/Containers/Data/Application/0D457292-BD0C-4F46-B141-6E600FF618ED/Library/Cookies/com.MyDomain.gas2.SSLTest.binarycookies, <0 cookies in 0 domains> clean not writing } }
                         Accessing: <CFURL 0x7cb6b700 [0xd25098]>{string = file:///Users/brent/Library/Developer/CoreSimulator/Devices/013D0A33-776E-4E2A-9C55-304C7D907E9B/data/Containers/Data/Application/0D457292-BD0C-4F46-B141-6E600FF618ED/Library/Cookies/com.MyDomain.gas2.SSLTest.binarycookies, encoding = 134217984, base = (null)}
                              Path: /Users/brent/Library/Developer/CoreSimulator/Devices/013D0A33-776E-4E2A-9C55-304C7D907E9B/data/Containers/Data/Application/0D457292-BD0C-4F46-B141-6E600FF618ED/Library/Cookies/com.MyDomain.gas2.SSLTest.binarycookies
                    Read from disk: <0 cookies in 0 domains>
                             Dirty: NO
                           Writing: NO
                            Policy: 2
    } [1:3]
Feb  1 08:24:09  SSLTest[70323] <Notice>: CFNetwork Diagnostics [1:4] 08:24:09.550 {
    DiskCookieStorage Journaling On: Binary{ Disk Cookies: { /Users/brent/Library/Developer/CoreSimulator/Devices/013D0A33-776E-4E2A-9C55-304C7D907E9B/data/Containers/Data/Application/0D457292-BD0C-4F46-B141-6E600FF618ED/Library/Cookies/com.MyDomain.gas2.SSLTest.binarycookies, <0 cookies in 0 domains> clean not writing } }
                               File: <CFURL 0x7be766e0 [0xd25098]>{string = file:///Users/brent/Library/Developer/CoreSimulator/Devices/013D0A33-776E-4E2A-9C55-304C7D907E9B/data/Containers/Data/Application/0D457292-BD0C-4F46-B141-6E600FF618ED/Library/Cookies/com.MyDomain.gas2.SSLTest.binarycookies, encoding = 134217984, base = (null)}
    } [1:4]
Feb  1 08:24:09  SSLTest[70323] <Notice>: CFNetwork Diagnostics [1:5] 08:24:09.550 {
    Protocol Enqueue: request GET https://apps-test.MyDomain.com/Home HTTP/1.1
             Request: <CFURLRequest 0x7cb63780 [0xd25098]> {url = https://apps-test.MyDomain.com/Home, cs = 0x0}
             Message: GET https://apps-test.MyDomain.com/Home HTTP/1.1
    } [1:5]
Feb  1 08:24:09  SSLTest[70323] <Notice>: CFNetwork Diagnostics [1:6] 08:24:09.961 {
    Client Cert Requested
    } [1:6]
Feb  1 08:24:09  SSLTest[70323] <Notice>: CFNetwork Diagnostics [1:7] 08:24:09.961 {
    Authentication Challenge
       Loader: <CFURLRequest 0x7c878af0 [0xd25098]> {url = https://apps-test.MyDomain.com/Home, cs = 0x0}
    Challenge: challenge space https://apps-test.MyDomain.com:443/, ClientCertificateRequested (Hash 9b9ca083)
    } [1:7]
Feb  1 08:24:09  SSLTest[70323] <Notice>: CFNetwork Diagnostics [1:8] 08:24:09.961 {
    Use Credential
        Loader: <CFURLRequest 0x7c878af0 [0xd25098]> {url = https://apps-test.MyDomain.com/Home, cs = 0x0}
    Credential: null
    } [1:8]
Feb  1 08:24:09  SSLTest[70323] <Notice>: CFNetwork Diagnostics [1:9] 08:24:09.962 {
     touchConnection
              Loader: <CFURLRequest 0x7c878af0 [0xd25098]> {url = https://apps-test.MyDomain.com/Home, cs = 0x0}
    Timeout Interval: 60.000 seconds
    } [1:9]
Feb  1 08:24:10  SSLTest[70323] <Notice>: CFNetwork Diagnostics [1:10] 08:24:09.962 {
    Peer certificate
    Subject Sum: *.MyDomain.com
        Summary: Go Daddy Secure Certificate Authority - G2
    } [1:10]
Feb  1 08:24:10  SSLTest[70323] <Notice>: CFNetwork Diagnostics [1:11] 08:24:10.072 {
    Authentication Challenge
       Loader: <CFURLRequest 0x7c878af0 [0xd25098]> {url = https://apps-test.MyDomain.com/Home, cs = 0x0}
    Challenge: challenge space https://apps-test.MyDomain.com:443/, ServerTrustEvaluationRequested (Hash 9b9ca083)
    } [1:11]
Feb  1 08:24:10  SSLTest[70323] <Notice>: CFNetwork Diagnostics [1:12] 08:24:10.072 {
    Use Credential
        Loader: <CFURLRequest 0x7c878af0 [0xd25098]> {url = https://apps-test.MyDomain.com/Home, cs = 0x0}
    Credential: null
    } [1:12]
Feb  1 08:24:10  SSLTest[70323] <Notice>: CFNetwork Diagnostics [1:13] 08:24:10.072 {
     touchConnection
              Loader: <CFURLRequest 0x7c878af0 [0xd25098]> {url = https://apps-test.MyDomain.com/Home, cs = 0x0}
    Timeout Interval: 60.000 seconds
    } [1:13]
Feb  1 08:24:10  SSLTest[70323] <Notice>: CFNetwork Diagnostics [1:14] 08:24:10.073 {
    Response Error
    Request: <CFURLRequest 0x7cb63780 [0xd25098]> {url = https://apps-test.MyDomain.com/Home, cs = 0x0}
      Error: Error Domain=kCFErrorDomainCFNetwork Code=-1202 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=1, _kCFNetworkCFStreamSSLErrorOriginalValue=-9813, _kCFStreamErrorCodeKey=-9813, _kCFStreamErrorDomainKey=3, kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x7e173fa0>, kCFStreamPropertySSLPeerCertificates=<CFArray 0x7c96a670 [0xd25098]>{type = immutable, count = 1, values = (
                0 : <cert(0x7cb624b0) s: *.MyDomain.com i: Go Daddy Secure Certificate Authority - G2>
             )}}
    } [1:14]
Feb  1 08:24:10  SSLTest[70323] <Notice>: CFNetwork Diagnostics [1:15] 08:24:10.074 {
               Did Fail
                 Loader: <CFURLRequest 0x7c878af0 [0xd25098]> {url = https://apps-test.MyDomain.com/Home, cs = 0x0}
                  Error: Error Domain=kCFErrorDomainCFNetwork Code=-1202 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=1, _kCFNetworkCFStreamSSLErrorOriginalValue=-9813, _kCFStreamErrorCodeKey=-9813, _kCFStreamErrorDomainKey=3, kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x7e173fa0>, kCFStreamPropertySSLPeerCertificates=<CFArray 0x7c96a670 [0xd25098]>{type = immutable, count = 1, values = (
                            0 : <cert(0x7cb624b0) s: *.MyDomain.com i: Go Daddy Secure Certificate Authority - G2>
                         )}}
    init to origin load: 0.010781s
             total time: 0.53556s
            total bytes: 0
    } [1:15]

I can see that it is failing, but I can't figure out what I can do to get it not to fail!

Shouldn't turning off all of ATS let everything through?

Is this all caused by our Go Daddy certificate not using the correct ciphers?

Why do all the TLS checks pass from the command line on my Mac, yet when I try to run it through my super simple app I can't connect?

I realize this is a long post, but I have tried everything I could find to fix this and nothing has worked. Help!

Update:

If I allow arbitrary loads and add the following to my NSURLSessionDelegate, I can get my Swift sample working:
func URLSession(session: NSURLSession, didReceiveChallenge challenge: NSURLAuthenticationChallenge, completionHandler: (NSURLSessionAuthChallengeDisposition, NSURLCredential?) -> Void) {

    var disposition: NSURLSessionAuthChallengeDisposition = .PerformDefaultHandling
    var credential: NSURLCredential?

    if challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust {
        // Server trust challenge: hand back the presented SecTrust as a credential,
        // which skips the certificate-chain evaluation that was failing with -9813.
        disposition = NSURLSessionAuthChallengeDisposition.UseCredential
        credential = NSURLCredential(forTrust: challenge.protectionSpace.serverTrust!)
    } else {
        // Any other challenge (e.g. the ClientCertificateRequested one in the log):
        // give up after one failed attempt, otherwise offer a stored default credential.
        if challenge.previousFailureCount > 0 {
            disposition = .CancelAuthenticationChallenge
        } else {
            credential = session.configuration.URLCredentialStorage?.defaultCredentialForProtectionSpace(challenge.protectionSpace)

            if credential != nil {
                disposition = .UseCredential
            }
        }
    }

    completionHandler(disposition, credential)
}

However, this solution is not ideal, because I want ATS to work properly with my existing server.

Does anyone know what the steps are to actually fix things on the server side so that ATS works properly?
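As an added example (not part of the original question), a small Python parser that reduces a CFNetwork Diagnostics log like the one quoted above to the handshake facts that matter: which authentication challenges were raised, whether a credential was supplied for each, and the SecureTransport code behind the -1202 failure (-9813 is errSSLNoRootCert, a certificate-chain trust failure that NSAllowsArbitraryLoads does not suppress). The sample log is constructed with a placeholder hostname, and the code-to-name table is taken from SecureTransport.h.

```python
import re

# Constructed sample shaped like the CFNetwork Diagnostics entries quoted above
# (hostname replaced by a placeholder; only the fields the parser reads are kept).
SAMPLE_LOG = """\
CFNetwork Diagnostics [1:7] 08:24:09.961 {
    Authentication Challenge
    Challenge: challenge space https://apps-test.example.com:443/, ClientCertificateRequested (Hash 9b9ca083)
    } [1:7]
CFNetwork Diagnostics [1:8] 08:24:09.961 {
    Use Credential
    Credential: null
    } [1:8]
CFNetwork Diagnostics [1:11] 08:24:10.072 {
    Authentication Challenge
    Challenge: challenge space https://apps-test.example.com:443/, ServerTrustEvaluationRequested (Hash 9b9ca083)
    } [1:11]
CFNetwork Diagnostics [1:12] 08:24:10.072 {
    Use Credential
    Credential: null
    } [1:12]
CFNetwork Diagnostics [1:14] 08:24:10.073 {
    Response Error
      Error: Error Domain=kCFErrorDomainCFNetwork Code=-1202 "(null)" UserInfo={_kCFStreamErrorCodeKey=-9813, _kCFStreamErrorDomainKey=3}
    } [1:14]
"""

# SecureTransport OSStatus values seen in _kCFStreamErrorCodeKey when the domain key is 3 (SSL).
SSL_ERRORS = {-9807: "errSSLXCertChainInvalid", -9812: "errSSLUnknownRootCert",
              -9813: "errSSLNoRootCert", -9814: "errSSLCertExpired", -9843: "errSSLHostNameMismatch"}

ENTRY_RE = re.compile(r"CFNetwork Diagnostics \[(\d+:\d+)\] \S+ \{\n(.*?)\n\s*\} \[\1\]", re.S)
CHALLENGE_RE = re.compile(r"Challenge: .*?, (\w+) \(Hash")
STREAM_ERR_RE = re.compile(r"_kCFStreamErrorCodeKey=(-?\d+).*?_kCFStreamErrorDomainKey=(\d+)")

def summarize_handshake(log):
    """Reduce a diagnostics log to the facts that explain a TLS failure."""
    s = {"challenges": [], "credentials": [], "ssl_error": None, "ssl_error_name": None}
    for _id, body in ENTRY_RE.findall(log):
        event = body.strip().splitlines()[0].strip()  # first line names the event
        if event == "Authentication Challenge":
            m = CHALLENGE_RE.search(body)
            s["challenges"].append(m.group(1) if m else "unknown")
        elif event == "Use Credential":
            # "Credential: null" means nothing was offered for the preceding challenge.
            s["credentials"].append("Credential: null" not in body)
        elif event == "Response Error":
            m = STREAM_ERR_RE.search(body)
            if m and m.group(2) == "3":  # 3 == kCFStreamErrorDomainSSL
                s["ssl_error"] = int(m.group(1))
                s["ssl_error_name"] = SSL_ERRORS.get(s["ssl_error"], "unknown SecureTransport code")
    return s
```

Run over the sample, the summary shows a client-certificate challenge and a server-trust challenge, both answered with no credential, followed by errSSLNoRootCert; the same shape in a real log points at the certificate chain the server sends rather than at the ATS plist keys.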
