Question

我正在使用iOS 10.我正在评估自签名证书，如下所示

-(void) connection:(NSURLConnection *)connection willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
    NSURLProtectionSpace *protectionSpace = [challenge protectionSpace];

    if ([protectionSpace authenticationMethod] == NSURLAuthenticationMethodServerTrust) {

        SecTrustRef trust = [protectionSpace serverTrust];

        SecPolicyRef policyOverride = SecPolicyCreateSSL(true, (CFStringRef)@"HOSTNAME");
        SecTrustSetPolicies(trust, policyOverride);

        CFMutableArrayRef certificates = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks);

        /* Copy the certificates from the original trust object */
        CFIndex count = SecTrustGetCertificateCount(trust);
        CFIndex i=0;
        for (i = 0; i < count; i++) {
            SecCertificateRef item = SecTrustGetCertificateAtIndex(trust, i);
            CFArrayAppendValue(certificates, item);
        }

        /* Create a new trust object */
        SecTrustRef newtrust = NULL;
        if (SecTrustCreateWithCertificates(certificates, policyOverride, &newtrust) != errSecSuccess) {
            /* Probably a good spot to log something. */
            NSLog(@"Error in SecTrustCreateWithCertificates");
            [connection cancel];
            return;
        }

        CFRelease(policyOverride);

        /* Re-evaluate the trust policy. */
        SecTrustResultType secresult = kSecTrustResultInvalid;
        if (SecTrustEvaluate(trust, &secresult) != errSecSuccess) {

            /* Trust evaluation failed. */
            [connection cancel];

            // Perform other cleanup here, as needed.
            return;
        }

        switch (secresult) {
                //case kSecTrustResultInvalid:
                //case kSecTrustResultRecoverableTrustFailure:
            case kSecTrustResultUnspecified: // The OS trusts this certificate implicitly.
            case kSecTrustResultProceed: // The user explicitly told the OS to trust it.
            {
                NSURLCredential *credential = [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust];
                [challenge.sender useCredential:credential forAuthenticationChallenge:challenge];

                return;
            }
            default: ;
                /* It's somebody else's key. Fall through. */
                [challenge.sender performDefaultHandlingForAuthenticationChallenge:challenge];
                break;
        }
        /* The server sent a key other than the trusted key. */
        [connection cancel];
        // Perform other cleanup here, as needed.
    }
}

评估后的结果是＆＃39; kSecTrustResultUnspecified＆＃39;再次使用相同的方法＆＃39; willSendRequestForAuthenticationChallenge＆＃39;正在被递归地调用。不确定为什么要递归调用该方法。让我知道代码的任何问题。

由于

Answer 1

有几个解决方案，我认为最简单的解决方案是here。总之，您需要检查[challenge previousFailureCount]以防止反复重新输入该方法。

否则，从Apple API文档中，我会建议类似于this的内容，它使用不推荐的委托回调，但可能适合您。

Answer 2

它实际上是指递归调用。你的代码应该处理这个问题。

起初看起来很奇怪，但它有点意义......尝试进行身份验证，失败，所以它回到同一个方法（谁知道，也许你想尝试不同的凭证或其他东西）。

您可以检查先前的失败计数并自行拒绝，否则它将失败并继续返回您的函数以递归进行身份验证，就像当前正在发生的那样。

willSendRequestForAuthenticationChallenge方法称为递归

2 个答案: