SecTrustEvaluate returns kSecTrustResultRecoverableTrustFailure on iOS 5

Time: 2011-09-11 12:46:06

Tags: ios pki

While working on updating an app for iOS 5 after reports that it did not work with the beta, the problem was traced to the fact that our custom SSL certificate validation no longer works.

In the didReceiveAuthenticationChallenge section we get the root certificate and call SecTrustEvaluate. This works fine on iOS 4.

    NSURLProtectionSpace *protectionSpace = [challenge protectionSpace];
    SecTrustRef trust = [protectionSpace serverTrust];
    SecTrustResultType trustResult;
    OSStatus err;
    BOOL trusted;

    // First pass: evaluate the server's chain against the system trust store.
    err = SecTrustEvaluate(trust, &trustResult);

    trusted = (err == noErr) && ((trustResult == kSecTrustResultProceed) || (trustResult == kSecTrustResultUnspecified));

    if (!trusted) {
        // Second pass: re-evaluate with our own CA certificates as the only anchors.
        err = SecTrustSetAnchorCertificates(trust, (CFArrayRef)[EagleAccessAppDelegate getDelegate].rootCertificates);

        if (err == noErr) {
            err = SecTrustEvaluate(trust, &trustResult);
        }

        trusted = (err == noErr) && ((trustResult == kSecTrustResultProceed) || (trustResult == kSecTrustResultUnspecified));
    }

    if (trusted) {
        NSURLCredential *cred = [NSURLCredential credentialForTrust:trust];
        [[challenge sender] useCredential:cred forAuthenticationChallenge:challenge];
    } else {
        [[challenge sender] cancelAuthenticationChallenge:challenge];
    }

The certificates are stored in DER format as resources shipped with the app.

// Load Certificates (DER-encoded CA certificates bundled as app resources).
// SecCertificateCreateWithData returns NULL if the bytes are not a valid DER certificate.
NSString *devFilePath = [[NSBundle mainBundle] pathForResource:@"ipms-dev-ca.der" ofType:@"crt"];
NSData *devRootCertificate = [[[NSData alloc] initWithContentsOfFile:devFilePath] autorelease];
SecCertificateRef devRoot = SecCertificateCreateWithData(NULL, (CFDataRef) devRootCertificate);

NSString *prodFilePath = [[NSBundle mainBundle] pathForResource:@"ipms-prod-ca.der" ofType:@"crt"];
NSData *prodRootCertificate = [[[NSData alloc] initWithContentsOfFile:prodFilePath] autorelease];
SecCertificateRef prodRoot = SecCertificateCreateWithData(NULL, (CFDataRef) prodRootCertificate);

self.rootCertificates = [[NSArray alloc] initWithObjects:(id)devRoot, (id)prodRoot, nil];

// The array retains the certificates, so release the references returned by Create.
CFRelease(devRoot);
CFRelease(prodRoot);

Basically we have our own CA certificate, which we use to issue certificates for the servers our app connects to.

I can recreate this with the AdvancedURLConnections sample app.

1 answer:

Answer 0 (score: 4)

The problem is that the certificates are MD5-signed. iOS 5 no longer supports those signatures.
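The quickest way to confirm the answer's diagnosis is to read the signatureAlgorithm field out of each bundled DER certificate (the CA roots the question loads and the server certificates they issued) and see whether it names an MD5 digest. The script below is an added example, not code from the question, the answer, or the project: it is a standard-library-only DER walker that extracts Certificate.signatureAlgorithm (RFC 5280, section 4.1) and flags md2/md5WithRSAEncryption. The file name ipms-dev-ca.der.crt in the usage comment is taken from the question's pathForResource call and is assumed to be the on-disk name; the sample certificate built in the script is constructed data (dummy tbsCertificate, zeroed signature), present only so it runs offline.

```python
"""Report the signature algorithm of a DER-encoded X.509 certificate and flag MD5.

Standard library only. The sample certificate is CONSTRUCTED here (dummy
tbsCertificate, zeroed signature) so the script runs offline; it is not a
real certificate.
"""
import sys

# RSA signature algorithm OIDs (RFC 3279 / RFC 4055); the flag marks MD-family digests.
SIGNATURE_OIDS = {
    "1.2.840.113549.1.1.2": ("md2WithRSAEncryption", True),
    "1.2.840.113549.1.1.4": ("md5WithRSAEncryption", True),
    "1.2.840.113549.1.1.5": ("sha1WithRSAEncryption", False),
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", False),
}


def der_read_tlv(data, pos):
    """Decode one DER TLV at pos; return (tag, value, position after it)."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:  # long form: low bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    if pos + length > len(data):
        raise ValueError("truncated DER element")
    return tag, data[pos:pos + length], pos + length


def der_children(value):
    """Yield (tag, value) for each element inside a constructed value."""
    pos = 0
    while pos < len(value):
        tag, inner, pos = der_read_tlv(value, pos)
        yield tag, inner


def decode_oid(content):
    """Decode OBJECT IDENTIFIER contents to dotted notation."""
    parts, arc = [str(content[0] // 40), str(content[0] % 40)], 0
    for b in content[1:]:
        arc = (arc << 7) | (b & 0x7F)
        if not b & 0x80:  # last base-128 byte of this arc
            parts.append(str(arc))
            arc = 0
    return ".".join(parts)


def certificate_signature_oid(cert_der):
    """Return the dotted OID of Certificate.signatureAlgorithm."""
    tag, cert, _ = der_read_tlv(cert_der, 0)
    fields = list(der_children(cert)) if tag == 0x30 else []
    # Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
    if len(fields) != 3 or fields[1][0] != 0x30:
        raise ValueError("not an X.509 Certificate structure")
    oid_tag, oid_value = next(der_children(fields[1][1]))  # AlgorithmIdentifier.algorithm
    if oid_tag != 0x06:
        raise ValueError("signatureAlgorithm does not start with an OID")
    return decode_oid(oid_value)


def describe_signature(cert_der):
    """Return (algorithm name, weak); weak is True for MD2/MD5 signatures."""
    oid = certificate_signature_oid(cert_der)
    return SIGNATURE_OIDS.get(oid, (oid, False))


# --- constructed sample data (not a real certificate) -------------------------

def der_encode(tag, content):
    """Encode a DER TLV with a definite length."""
    if len(content) < 0x80:
        return bytes([tag, len(content)]) + content
    lb = len(content).to_bytes((len(content).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def encode_oid(dotted):
    """Encode a dotted OID as a DER OBJECT IDENTIFIER."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return der_encode(0x06, bytes(out))


def build_sample_certificate(sig_oid):
    """Certificate-shaped DER with the given signature OID and a zero signature."""
    alg_id = der_encode(0x30, encode_oid(sig_oid) + der_encode(0x05, b""))  # NULL params
    version = der_encode(0xA0, der_encode(0x02, b"\x02"))  # [0] EXPLICIT version v3
    serial = der_encode(0x02, b"\x01")
    tbs = der_encode(0x30, version + serial + alg_id)  # truncated tbsCertificate
    signature = der_encode(0x03, b"\x00" * 17)  # BIT STRING, 0 unused bits, dummy
    return der_encode(0x30, tbs + alg_id + signature)


if __name__ == "__main__":
    # Usage: python check_sig.py ipms-dev-ca.der.crt   (no argument: built-in MD5 sample)
    der = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_certificate("1.2.840.113549.1.1.4")
    name, weak = describe_signature(der)
    print(name + (" -- rejected by iOS 5" if weak else ""))
```

Run it against both bundled CA files and against a server certificate issued by them (export it from the server in DER form); a True flag on any certificate in the chain is enough to reproduce the failure the answer describes. The parser deliberately reads only the outer Certificate SEQUENCE, so it does not depend on the contents of tbsCertificate and works on any well-formed DER certificate.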