使用NSURLConnection忽略证书错误

Question

我收到了这个错误

The certificate for this server is invalid. You might be connecting to a server
that is pretending to be "server addres goes here" which could put your
confidential information at risk."

我正在使用这种方法:

[NSURLConnection sendSynchronousRequest:request
                      returningResponse:&response
                                  error:&error];

我怎样才能解决这个问题？

我试过这段代码:

 NSURLConnection *connection = [[NSURLConnection alloc] initWithRequest:request
                                                               delegate:self];

但后来我在didReceiveResponse方法中获得了EXC_BAD_ACCESS.

Answer 1

如果您没有发送任何敏感信息,则可以忽略无效证书.本文介绍了如何做到这一点.以下是Alexandre Colucci对该文章中描述的方法之一的示例实现.

基本上你想在上面定义一个虚拟接口@implementation:

@interface NSURLRequest (DummyInterface)
+ (BOOL)allowsAnyHTTPSCertificateForHost:(NSString*)host;
+ (void)setAllowsAnyHTTPSCertificate:(BOOL)allow forHost:(NSString*)host;
@end

在调用之前sendSynchronousRequest,调用您在虚拟接口中定义的私有方法:

[NSURLRequest setAllowsAnyHTTPSCertificate:YES forHost:[URL host]];

Answer 2

使用新的正确(非弃用,非私有)方式:

- (void)connection:(NSURLConnection *)connection willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge

apple指定的方法应该用于NSURLConnectionDelegates是使用为保护空间提供的凭据响应ServerTrust方法(这将允许您连接:

- (void)connection:(NSURLConnection *)connection willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
{
    if([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust])
    {
        NSLog(@"Ignoring SSL");
        SecTrustRef trust = challenge.protectionSpace.serverTrust;
        NSURLCredential *cred;
        cred = [NSURLCredential credentialForTrust:trust];
        [challenge.sender useCredential:cred forAuthenticationChallenge:challenge];
        return;
    }

    // Provide your regular login credential if needed...
}

对于每种可用的身份验证方法,此方法会多次调用一次,如果您不想使用该方法登录,请使用:

 [challenge.sender rejectProtectionSpaceAndContinueWithChallenge:challenge];

Answer 3

我有类似的问题.通过使用下面的代码片段解决了它:

-(void)connection:(NSURLConnection *)connection willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {

    NSLog(@"This will execute successfully!");
    if ([[challenge protectionSpace] authenticationMethod] == NSURLAuthenticationMethodServerTrust) {

        [[challenge sender] useCredential:[NSURLCredential credentialForTrust:[[challenge protectionSpace] serverTrust]] forAuthenticationChallenge:challenge];
    }
}

由于以下方法已弃用:

- (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)space { ... }

- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge { ... }

Answer 4

您使用的是 HTTPS 网址吗？如果是这样，请在浏览器中访问该 URL 并检查证书。确保证书对于您尝试使用的域或子域有效，并且所有中间证书均已安装在您的服务器上。我遇到了类似的问题，解决方案是安装中间证书。