带有 NSURLConnection 的 HTTPS - NSURLErrorServerCertificateUntrusted-移动开发问题

HTTPS with NSURLConnection - NSURLErrorServerCertificateUntrusted(带有 NSURLConnection 的 HTTPS - NSURLErrorServerCertificateUntrusted)

本文介绍了带有 NSURLConnection 的 HTTPS - NSURLErrorServerCertificateUntrusted的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

I have an application that connects fine over http. When trying https I got the error that says that the root cert is not trusted. I found URLs for my site certificate, its CA certificate, and the CA's root certificate and have added them through Safari to the phone. Now when I go to Preferences -> General -> Profiles I can see all my certificates that go all the way up the chain. There is a red unsigned label on each certificate. Still when I connect I get the NSURLErrorServerCertificateUntrusted error. I'm trying to figure where to go next.

Any help would be great. The only other thing that may affect this, is that I am connecting to an odd port. So my url is www.domain.com:port. Does the port number create a certificate - domain name mismatch?

Now I have used the iPhone Configuration Utility to add a configuration profile to the phone. It has my root certificate, ca certificate, and site certificate. The profile on the phone says its verified. In the details I can see my three certificates. But when I try to connect, I still get the untrusted certificate error. Any suggestions?

Just trying to see if anyone else can help on this?

解决方案

There is a supported API for ignoring bad certificates during NSURLConnection loads. To do so, simply add something like this to your NSURLConnection delegate:

- (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace {
  return [protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust];
}

- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
  if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust])
    if (... user allows connection despite bad certificate ...)
      [challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge];

  [challenge.sender continueWithoutCredentialForAuthenticationChallenge:challenge];
}

Note that connection:didReceiveAuthenticationChallenge: can send its message to challenge.sender (much) later, after presenting a dialog box to the user if necessary, etc.

这篇关于带有 NSURLConnection 的 HTTPS - NSURLErrorServerCertificateUntrusted的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持编程学习网！