iOS 10.3:模拟器HTTPS localhost:SSL错误

时间:2017-04-09 04:51:30

标签: ssl https localhost ios-simulator ios10.3

这适用于iOS 10.2及更低版本,但升级到10.3后,当模拟器尝试通过HTTPS连接到运行在localhost上的开发服务器时,Xcode控制台会输出以下错误:

NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9802)
[] nw_coretls_callback_handshake_message_block_invoke_3 tls_handshake_continue: [-9807]

打印出error节目返回的URLSessionDataTask

Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0x600000527080>, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9802, NSErrorPeerCertificateChainKey=(
    "<cert(0x7ff3e1867200) s: localhost i: localhost>"
), NSUnderlyingError=0x60800024e880 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x600000527080>, _kCFNetworkCFStreamSSLErrorOriginalValue=-9802, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9802, kCFStreamPropertySSLPeerCertificates=(
    "<cert(0x7ff3e1867200) s: localhost i: localhost>"
)}}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https://localhost:3000/v1/login, NSErrorFailingURLStringKey=https://localhost:3000/v1/login, NSErrorClientCertificateStateKey=0}

参考:Apple: Developer: Guides and Sample Code: Technical Note TN2232: HTTPS Server Trust Evaluation

要创建自签名SSL证书,我使用了以下命令:

openssl genrsa -aes256 -passout pass:x -out server.pass.key 2048
openssl rsa -passin pass:x -in server.pass.key -out server.key
rm server.pass.key
openssl req -new -sha256 -key server.key -out server.csr -subj /CN=localhost
openssl x509 -req -sha512 -days 365 -in server.csr -signkey server.key -out server.crt

来源:GitHub - seviu/iOS-SSL-localhost

2 个答案:

答案 0 :(得分:11)

将自签名SSL证书(通过拖放)安装到iPhone模拟器上后,转到设置&gt;一般&gt;关于&gt;证书信任设置并为您的证书启用完全信任。

答案 1 :(得分:0)

我也有同样的问题,你必须实现didRecieveChallenge委托方法来处理SSl错误

在下面添加; URLRessive委托方法或URLConnnection deleagte方法的didReceiveChallenge委托方法中的代码之一。

- (void)URLSession :( NSURLSession *)session didReceiveChallenge :( NSURLAuthenticationChallenge *)challenge completionHandler :( void (^)(NSURLSessionAuthChallengeDisposition disposition, NSURLCredential * _Nullable credential))completionHandler {   NSURLSessionAuthChallengeDisposition lDisposition = NSURLSessionAuthChallengeUseCredential;
NSURLCredential *credential = [[NSURLCredential alloc] init];


if (challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust) {
    credential = [NSURLCredential credentialForTrust: challenge.protectionSpace.serverTrust];
    lDisposition = NSURLSessionAuthChallengeUseCredential;
}
completionHandler(lDisposition, credential);}
相关问题
最新问题