通过Xamarin.iOS应用程序调用内部api服务器时出现问题。
我们的反向代理服务器始终返回403 HTTP错误。服务器的日志表明:“没有通过SNI为基于名称的虚拟主机提供主机名”。
使用Mono TLS:没问题。但是使用Apple TLS它不起作用。我们已经测试了所有HTTP客户端实现:托管代码,NSUrlSession和CFNetwork,结果相同。
我知道Apple TLS支持SNI。我们的网络服务器在iPhone上使用Safari时提供的内容没有问题。
但是,使用Xamarin并特别使用Apple TLS,这是不可能的。
你有什么想法吗?
PS:我们通过证书验证
ServicePointManager.ServerCertificateValidationCallback
+= (sender, certificate, chain, sslPolicyErrors) => {return true;};
答案 0 :(得分:2)
NSUrlSession
(适用于SNI):webView = new WKWebView(new CGRect(40, 100, 400, 400), new WKWebViewConfiguration());
Add(webView);
button = new UIButton(UIButtonType.System);
button.Frame = new CGRect(40, 40, 100, 40);
button.SetTitle("Fetch", UIControlState.Normal);
Add(button);
button.TouchUpInside += async (object sender, EventArgs e) =>
{
var url = new NSUrl("https://sni.velox.ch");
var task = await NSUrlSession.SharedSession.CreateDataTaskAsync(url);
webView.LoadHtmlString(NSString.FromData(task.Data, NSStringEncoding.UTF8), new NSUrl(""));
};
或使用bob.sni.velox.ch
或alice.sni.velox.ch
TLS SNI Test Site: *.sni.velox.ch
Great! Your client [TLSv12wSNI/1.0 CFNetwork/808.0.1 Darwin/15.6.0]
sent the following TLS server name indication extension (RFC 6066)
in its ClientHello (negotiated protocol: TLSv1.2, cipher suite:
ECDHE-RSA-AES256-GCM-SHA384):
sni.velox.ch
In your request, this header was included:
Host: sni.velox.ch
button.TouchUpInside += async (object sender, EventArgs e) =>
{
ServicePointManager.ServerCertificateValidationCallback += (servicesender, certificate, chain, sslPolicyErrors) => { return true; };
var client = new HttpClient();
var response = await client.GetAsync("https://sni.velox.ch");
webView.LoadHtmlString(new NSString(await response.Content.ReadAsStringAsync()), new NSUrl(""));
};
Mono TLS
的SSL / TLS实现(适用于SNI):TLS SNI Test Site: *.sni.velox.ch
Great! Your client [TLSv12wSNI/1.0 CFNetwork/808.0.1 Darwin/15.6.0]
sent the following TLS server name indication extension (RFC 6066) in
its ClientHello (negotiated protocol: TLSv1.2, cipher suite:
ECDHE-RSA-AES256-GCM-SHA384):
sni.velox.ch
In your request, this header was included:
Host: sni.velox.ch
Apple TLS (default)
:( BUG )your client did not send a TLS server name indication extension
TLS SNI Test Site: alice.sni.velox.ch
Unfortunately, your client did not send a TLS server name indication
extension (RFC 4366) in its ClientHello (negotiated protocol: TLSv1.2,
cipher suite: ECDHE-RSA-AES256-GCM-SHA384), so you're probably
getting warnings about certificate name mismatches.
In your request, this header was included:
Host: sni.velox.ch
我们个人避免在iOS上使用HttpClient
并始终使用iOS" native"网络课程/ API:NSUrlSession
,NSURLConnection
,....
Bug Filed:https://bugzilla.xamarin.com/show_bug.cgi?id=43794