相关疑难解决方法(0)

我一直在使用以下代码

AFHTTPRequestOperation *operation = [[AFHTTPRequestOperation alloc]initWithRequest:request];
operation.allowsInvalidSSLCertificate=YES;

现在我已将AFNetworking更改为2.0的最新版本.operation.allowsInvalidSSLCertificate不与工作了AFHTTPRequestOperation.根据我使用的文件

AFHTTPRequestOperationManager *manager = [AFHTTPRequestOperationManager manager];
manager.securityPolicy.allowInvalidCertificates = YES;

我的请求代码是

AFHTTPRequestOperation *operation = [[AFHTTPRequestOperation alloc]initWithRequest:request];

[operation  setCompletionBlockWithSuccess:^(AFHTTPRequestOperation *operation, id responseObject) {

    NSLog (@"success: %@", operation.responseString);

}
                                  failure:^(AFHTTPRequestOperation *operation, NSError *error) {
                                      NSLog(@"error: %@",  error.description);
                                  }
 ];

[operation start];
[operation waitUntilFinished];

但这不适用于需要证书的HTTPS.我应该怎么做才能使这项工作？

我想阻止我的应用程序/服务器通信从MITM攻击,所以我试图设置SSL固定,但我在使用自签名证书使用AFNetworking 2.2时遇到问题.我认为这主要是我如何生成证书的问题.

我首先尝试根据这些说明生成自签名证书:

生成私钥:

sudo openssl genrsa -des3 -out server.key 2048

生成签名请求,并在询问公共名称时使用域名:

sudo openssl req -new -key server.key -out server.csr

生成证书:

sudo openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

最后,将其转换为der格式(因为AFNetworking 需要它)

sudo openssl x509 -outform der -in server.crt -out server.der

服务器是Ubuntu 12.04,运行ngninx + passenger来提供Rails 4应用程序.这是我的nginx服务器配置打开SSL的位:

server {
  listen 80;
  listen 443;
  server_name myapp.com;
  passenger_enabled on;
  root /var/www/myapp/current/public;
  rails_env production;
  ssl on;
  ssl_certificate /etc/nginx/ssl/server.crt;
  ssl_certificate_key /etc/nginx/ssl/server.key;
}

重新启动nginx后,下载der文件,将其添加到我的项目,并将其重命名为"server.cer"(因为AFNetworking要求证书使用.cer扩展名),我使用此代码打开我的AFHTTPSessionManager子类的SSL固定: …

我有ssl证书(.cer)作为文件提供给我.我将它添加到捆绑包中,并希望使用它与服务器进行通信.

我使用了苹果提供的代码:

- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge{
    DLog(@"didReceiveAuthenticationChallenge : %@",challenge);
    if ([challenge.protectionSpace.authenticationMethod
         isEqualToString:NSURLAuthenticationMethodServerTrust])
    {
        NSString *filePath = [[NSBundle mainBundle] pathForResource:@"certificate" ofType:@"cer"];
        NSData *certData = [NSData dataWithContentsOfFile:filePath];
        CFDataRef myCertData = (__bridge CFDataRef)certData; 
        SecCertificateRef myCert = SecCertificateCreateWithData(NULL,
                                                                myCertData);
        SecPolicyRef myPolicy = SecPolicyCreateBasicX509();         // 3
        SecCertificateRef certArray[1] = { myCert };
        CFArrayRef myCerts = CFArrayCreate(NULL,
                                           (void *)certArray,
                                           1,
                                           NULL);
        SecTrustRef myTrust;
        OSStatus status = SecTrustCreateWithCertificates(
                                                         myCerts,
                                                         myPolicy,
                                                         &myTrust);  // 4
        SecTrustResultType trustResult = 0;
        if (status == noErr) {
            status = SecTrustEvaluate(myTrust, &trustResult); …