NSURLConnection HTTP加载失败(kCFStreamErrorDomainSSL,-9813)

时间:2016-03-14 10:10:06

标签: ios objective-c xcode7.2

当我使用http://domain.com时,我的应用程序运行正常。但是今天,当我将http://更改为https://时,我正面临着这个问题:NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813)。我也在.plist进行了更改。这是我的.plist代码:

<key>NSAppTransportSecurity</key>
    <dict>
        <key>NSAllowsArbitraryLoads</key>
        <true/>
        <key>NSExceptionDomains</key>
        <dict>
            <key>dev.domainName.in</key>
            <dict>
                <key>NSExceptionAllowsInsecureHTTPLoads</key>
                <true/>
                <key>NSIncludesSubdomains</key>
                <true/>
                <key>NSTemporaryExceptionMinimumTLSVersion</key>
                <string>TLSv1.2</string>
            </dict>
        </dict>
    </dict>

但我仍然面临着这个问题。请帮帮我。我错过了什么?

2 个答案:

答案 0 :(得分:0)

从iOS 9开始,Apple已经实施了ATS。 Here是关于此的文档。尝试放松限制,看它是否有效。

它是否适用于在iOS 9之前运行OS版本的设备?

答案 1 :(得分:0)

根据您的评论,您收到了无效的证书错误,并且您正在使用NSURLConnection,您的解决方案是实现这些委托。看看这是否解决了这个问题。

- (void)connection:(NSURLConnection *)connection willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge { [challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge]; }

请注意,您基本上忽略了SSL错误并允许继续连接。所以如果你打开应用程序进行黑客攻击。对于测试,您可以使用此功能,但请确保在生产环境中安装适当的证书。

但是如果你想正确处理这个问题并在证书不正确的情况下警告用户你可以这样做。

OSStatus err = noErr;
BOOL trusted = NO;
NSURLProtectionSpace *  protectionSpace = challenge.protectionSpace;
SecTrustRef serverTrustRef = protectionSpace.serverTrust;
SecTrustResultType trustResult;

//check if the server trust that we got from the server can be trusted by default
err = SecTrustEvaluate(serverTrustRef, &trustResult);
trusted = (err == noErr) && ((trustResult == kSecTrustResultProceed) || (trustResult == kSecTrustResultUnspecified));

if (trusted) //if the site is trusted then continue with that trust
{
    [challenge.sender useCredential:[NSURLCredential credentialForTrust:protectionSpace.serverTrust]
          forAuthenticationChallenge:challenge];
}
else //if not then warn the user about this and let the user make a decision
{
    //warn the user about the cert problem using a dialog with options to continue or ignore.
   //Continue alert action call : [challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust]
          forAuthenticationChallenge:challenge];
   //Dont continue action: [challenge.sender continueWithoutCredentialForAuthenticationChallenge:_challenge]; 
   //OR call: [sender cancelAuthenticationChallenge:challenge];
}

}

相关问题
最新问题