我想与我的服务器进行安全通信,这就是我正在做的事情......
NSURLProtectionSpace *protectionSpace = [challenge protectionSpace];
SecTrustRef trust = [protectionSpace serverTrust];
NSURLCredential *credential = [NSURLCredential credentialForTrust:trust];
SecPolicyRef myPolicy = SecPolicyCreateBasicX509();
NSArray * certs = [[NSArray alloc] initWithObjects:(id)certificate,nil]; //certificate is my server's cert.
credential = [NSURLCredential credentialForTrust:trust];
SecTrustSetAnchorCertificates(trust,
(CFArrayRef) [NSArray arrayWithObject:(id) certificate ]);
OSStatus status = SecTrustCreateWithCertificates(certs, myPolicy, &trust);
SecTrustResultType trustResult = 0;
if (status == noErr) {
status = SecTrustEvaluate(trust, &trustResult);
}
NSLog(@"Trust I get: %d", trustResult);
[certs release];
if (trustResult == kSecTrustResultRecoverableTrustFailure) {
NSLog(@"Recoverable Failure");
CFAbsoluteTime trustTime,currentTime,timeIncrement,newTime;
CFDateRef newDate;
trustTime = SecTrustGetVerifyTime(trust);
timeIncrement = 31536000;
currentTime = CFAbsoluteTimeGetCurrent();
newTime = currentTime - timeIncrement;
if (trustTime - newTime){
newDate = CFDateCreate(NULL, newTime);
SecTrustSetVerifyDate(trust, newDate);
status = SecTrustEvaluate(trust, &trustResult);
}
NSLog(@"Trust again:%d", trustResult);// AGAIN kSecTrustResultRecoverableTrustFailure(5) over here
}
任何人都知道为什么会这样...... 似乎它不是关于证书的到期(实际上也不是这样),但可能是原因。
谢谢
人
答案 0 :(得分:5)
SecTrustResultRecoverableTrustFailure
我通过配置网络服务器来发送整个证书链而不是仅发送服务器证书来解决我的问题。
通过配置我的apache mod_ssl: https://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcertificatechainfile