我正在尝试连接到具有自定义CA根证书的服务器。 我可以使用自定义AFURLSessionManager
中的代码连接到服务器NSSet *certificatesSet = [CryptoProCSP sharedInstance].certsContextSet;
AFSecurityPolicy *securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModePublicKey withPinnedCertificates:certificatesSet];
securityPolicy.allowInvalidCertificates = true;
securityPolicy.validatesDomainName = false;
self.securityPolicy = securityPolicy;
但是收到错误
[] nw_coretls_read_one_record tls_handshake_process: [-9801]
NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9801)
[Error] POST '(null)' (0) [0.8155 s]: Error Domain=NSURLErrorDomain Code=-1200
"An SSL error has occurred and a secure connection to the server cannot be made."
我已经改变了我的plist.info
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
<key>NSExceptionDomains</key>
<dict>
<key>domain.com</key>
<dict>
<key>NSExceptionMinimumTLSVersion</key>
<string>1.2</string>
<key>NSExceptionRequiresForwardSecrecy</key>
<false/>
</dict>
</dict>
</dict>
和服务器有TLS v1.2
我知道问题是不同的密码套件,我看到握手,但我如何自定义使用必要的密码套件的请求?我发送证书,但这还不够。由于密码套件不同,TLS连接失败。