AFNetworking需要绕过ssl检查

Question

我有一个直接连接硬件路由器的应用程序.因为iOS 9我更新了AFNetworking,现在ssl我尝试连接时遇到错误https.

这不是iOS 9 App Transport Security问题,因为我添加了相关.plist条目以绕过它并且连接工作正常http.

我需要绕过证书检查,因为每个路由器都有自己的自签名证书,所以我显然无法将证书添加到我的应用程序,因为每个用户都不同.

我使用AFHTTPRequestOperation子类进行连接并设置self.securityPolicy.allowInvalidCertificates = YES;但我收到以下错误:

连接期间出错:Error Domain = NSURLErrorDomain Code = -1200"发生SSL错误,无法建立与服务器的安全连接." UserInfo = {_ kCFStreamErrorCodeKey = -9806,NSLocalizedRecoverySuggestion =您是否还要连接到服务器？,NSUnderlyingError = 0x7fa9f3611b40 {错误域= kCFErrorDomainCFNetwork代码= -1200"发生SSL错误,无法建立与服务器的安全连接. " UserInfo = {NSErrorFailingURLStringKey = https://myserver.com:4780/Info.htm,NSLocalizedRecoverySuggestion =您是否还要连接到服务器？,_ kCFNetworkCFStreamSSLErrorOriginalValue = -9806,_kCFStreamPropertySSLClientCertificateState = 0,NSLocalizedDescription =发生SSL错误,无法建立与服务器的安全连接.,_ kCFStreamErrorDomainKey = 3,NSErrorFailingURLKey = https: //myserver.com:4780/Info.htm,_kCFStreamErrorCodeKey = -9806}},NSLocalizedDescription =发生了SSL错误,无法与服务器建立安全连接.,NSErrorFailingURLKey = https://myserver.com:4780/ Info.htm,NSErrorFailingURLStringKey = https://myserver.com:4780/Info.htm,_kCFStreamErrorDomainKey = 3}

我也试过添加setWillSendRequestForAuthenticationChallengeBlock:但是块永远不会被调用.

有人可以帮忙吗？

谢谢

编辑-----设置self.securityPolicy.validatesDomainName = NO;也不起作用.我想知道硬件上的证书类型是否存在问题.

编辑2 -----这是证书

新增,TLSv1/SSLv3,密码是DES-CBC3-SHA服务器公钥是2048位不支持安全重新协商压缩:无扩展:无SSL会话:协议:SSLv3密码:DES-CBC3-SHA会话ID:010000000C6B8632215649C0665E9DCC9EC59E22F8F021672B6B50B84222A342会话-ID-ctx:主密钥:D71EC7D8F7A4A3581E25CDAD9C532B2C7B4DA8B513AF337095496B575F525CFBA02A40797B2D2A4F0B5911EFEFC3623F Key-Arg:无开始时间:1443102149超时:300(秒)验证返回码:18(自签名证书)

编辑3 --------将此代码添加到我的AFHTTPRequestOperation子类使其可以在iOS 8上运行,但是在iOS 9上甚至不调用该块.

[self setWillSendRequestForAuthenticationChallengeBlock:^(NSURLConnection * _Nonnull connection, NSURLAuthenticationChallenge * _Nonnull challenge)
    {
        NSLog(@"**** HERE ****");
        if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust])
        {
            [challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge];
        }
        [challenge.sender continueWithoutCredentialForAuthenticationChallenge:challenge];
    }];

Answer 1

我遇到了类似的问题，在我的例子中，我解决了这个问题，将安全策略设置为AFSSLPinningModeNone并显然允许无效证书。

Obj-C 中的示例：

AFHTTPRequestOperationManager *manager = [AFHTTPRequestOperationManager manager];

AFSecurityPolicy *securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeNone];
securityPolicy.allowInvalidCertificates = YES;
manager.securityPolicy = securityPolicy;

[manager POST:url parameters:nil success:^(AFHTTPRequestOperation *operation, id responseObject)
{
    NSLog(@"Response: %@",responseObject);
}
failure:^(AFHTTPRequestOperation *operation, NSError *error)
{
    NSLog(@"Error: %@", error);
}];