我正在尝试通过Alamofire和RxMoya使用SSL和自签名证书发出https请求,但它一直让我 ATS系统信任失败。 我在很多地方搜索过解决方案,但我还是想不通。我有一个.crt证书并转换为.der并把它放在我的主要包上这是Stacktrace:
2017-12-07 13:01:05.918360+0100 SmartBackpackerApp[86030:5429201] ATS failed system trust
2017-12-07 13:01:05.919271+0100 SmartBackpackerApp[86030:5429201] System Trust failed for [4:0x60000016b4c0]
2017-12-07 13:01:05.920438+0100 SmartBackpackerApp[86030:5429201] TIC SSL Trust Error [4:0x60000016b4c0]: 3:0
2017-12-07 13:01:05.921390+0100 SmartBackpackerApp[86030:5429201] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9802)
2017-12-07 13:01:05.922103+0100 SmartBackpackerApp[86030:5429201] Task <F73E31A0-8AC4-40B4-B80C-05182D3E5647>.<1> HTTP load failed (error code: -1200 [3:-9802])
2017-12-07 13:01:05.923528+0100 SmartBackpackerApp[86030:5429201] Task <F73E31A0-8AC4-40B4-B80C-05182D3E5647>.<1> finished with error - code: -1200
Moya_Logger: [07/12/2017 13:01:05] Response: Received empty network response for airlines("Easy Jet").
2017-12-07 13:01:05.945: SBAirlinesService.swift:39 (getAirlineInfo(name:)) -> Event error(underlying(Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0x604000307980>, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9802, NSErrorPeerCertificateChainKey=(
"<cert(0x7fca6a853800) s: api.smartbackpacker.com i: api.smartbackpacker.com>"
), NSUnderlyingError=0x600000656080 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x604000307980>, _kCFNetworkCFStreamSSLErrorOriginalValue=-9802, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9802, kCFStreamPropertySSLPeerCertificates=(
"<cert(0x7fca6a853800) s: api.smartbackpacker.com i: api.smartbackpacker.com>"
)}}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https://api.smartbackpackerapp.com/v1/airlines?name=Easy%20Jet, NSErrorFailingURLStringKey=https://api.smartbackpackerapp.com/v1/airlines?name=Easy%20Jet, NSErrorClientCertificateStateKey=0}, nil))
以下是我用于提出请求的代码:
let serverTrustPolicies = ["api.smartbackpackerapp.com": ServerTrustPolicy.pinCertificates(certificates: ServerTrustPolicy.certificates(), validateCertificateChain: false, validateHost: true)]
self.manager = Manager(configuration: URLSessionConfiguration.default, serverTrustPolicyManager: ServerTrustPolicyManager(policies: serverTrustPolicies))
self.manager.delegate.sessionDidReceiveChallenge = { [weak self] session, challenge in
var disposition: URLSession.AuthChallengeDisposition = .performDefaultHandling
var credential: URLCredential?
if challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust, let trust = challenge.protectionSpace.serverTrust {
disposition = URLSession.AuthChallengeDisposition.useCredential
credential = URLCredential(trust: trust)
} else {
if challenge.previousFailureCount > 0 {
disposition = .cancelAuthenticationChallenge
} else {
credential = self?.manager.session.configuration.urlCredentialStorage?.defaultCredential(for: challenge.protectionSpace)
if credential != nil {
disposition = .useCredential
}
}
}
return (disposition, credential)
}
}
provider = RxMoyaProvider<SBApi>(manager: self.manager, plugins: plugins)
return provider.request(.airlines(name: name))
.debug()
.filterSuccessfulStatusCodes()
.mapObject(SBAirline.self)
.asObservable()
在我的Info.plist文件中:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>https://api.smartbackpackerapp.com</key>
<dict>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSExceptionRequiresForwardSecrecy</key>
<false/>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSTemporaryExceptionMinimumTLSVersion</key>
<string>TLSv1.1</string>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
</dict>
</dict>
答案 0 :(得分:0)
OMG,我在Info.plist上有错误的域名,没有 https://
用这个丢了几个小时。 :(