从http切换到https.证书无效

Question

我有一个连接到我的家庭路由器Web界面的应用程序.我想将其转换为使用https而不仅仅是http.我最初使用ASIHttpRequest,但由于它不再支持我转换到AFNetworking.问题是,每当我尝试连接时,都会收到以下错误消息:

_block_invoke_0220 [Line 243] ERROR: Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “192.168.1.1” which could put your confidential information at risk." UserInfo=0x9792ad0 {NSErrorFailingURLStringKey=https://192.168.1.1/Info.live.htm, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSErrorFailingURLKey=https://192.168.1.1/Info.live.htm, NSLocalizedDescription=The certificate for this server is invalid. You might be connecting to a server that is pretending to be “192.168.1.1” which could put your confidential information at risk., NSUnderlyingError=0xa6a3560 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “192.168.1.1” which could put your confidential information at risk.", NSURLErrorFailingURLPeerTrustErrorKey=< SecTrustRef:

如果我导航到我的safari网址,我收到一条消息,Safari无法验证身份....我必须点击继续继续.我怎样才能做到这一点？不幸的是,我对ssl或https一无所知.这是我目前使用的代码:

NSString *urlString = @"https://192.168.1.1/";
NSURL *url = [NSURL URLWithString:urlString];

// Set authorization
AFHTTPClient *httpClient = [[AFHTTPClient alloc] initWithBaseURL:url];
[httpClient setAuthorizationHeaderWithUsername:user password:pass];

NSURLRequest *request = [httpClient requestWithMethod:@"POST" path:@"Info.live.htm" parameters:nil];
AFHTTPRequestOperation *operation = [[AFHTTPRequestOperation alloc] initWithRequest:request];
[operation setCompletionBlockWithSuccess:^(AFHTTPRequestOperation *operation, id responseObject) {
    NSString *responceString = [operation responseString];
    //        NSLog(@"%@",responceString);
    if ([self parseInfoLive:responceString])
        [[NSNotificationCenter defaultCenter] postNotificationName:@"downloadsComplete" object:nil];
}
                                 failure:^(AFHTTPRequestOperation *operation, NSError *error) {
                                     NSLog(@"ERROR: %@",error.description);
                                 }];


[operation start];

Answer 1

要绕过主机证书的有效性检查,请添加以下代码.

首先为已经在SDK中但不公开的setter方法添加一个接口:

@interface NSURLRequest(Private)
+(void)setAllowsAnyHTTPSCertificate:(BOOL)inAllow forHost:(NSString *)inHost;
@end

现在,无论何时呈现新请求,都要调用该setter:

[NSURLRequest setAllowsAnyHTTPSCertificate:YES forHost:[inURL host]];

警告

不要将此代码用于生产,但仅限于在尚未批准/提交/安装证书的情况下开发应用程序.典型的是使用未安装可信证书的开发服务器.使用此代码将使您的应用程序被拒绝通过iTunes分发,因为它使用私有API方法.

为确保在生产环境中顺利运行,您必须为主机获取受信任的SSL证书.有各种权威的公司提供这样的东西.至少提一个(还有更多),你可以使用GoDaddy.

更新(2013年5月31日)

AFNetworking已更新,无需使用任何私有API即可支持开箱即用的无效证书.感谢Peter Steinberger!

要启用该功能,最方便的解决方案是将以下内容添加到前缀标头(.pch)中:

#ifdef DEBUG
#define _AFNETWORKING_ALLOW_INVALID_SSL_CERTIFICATES_
#endif

再一次,我不能强调你应该避免在生产代码中启用该功能 - 你几乎会使SSL连接的整个点无效并使它们易受攻击.