我正在尝试通过 Alamofire 为我的请求使用自签名证书。
let trustPolicy = ServerTrustPolicy.pinCertificates(certificates: [certificate], validateCertificateChain: true, validateHost: true)
let serverTrustPolicies: [String: ServerTrustPolicy] = [ "https:-domain-name": trustPolicy,"domain-name" : .disableEvaluation] let policyManager = ServerTrustPolicyManager(policies: serverTrustPolicies)
但是我遇到了以下错误。
CredStore - copyIdentPrefs - Error copying Identity cred. Error=-25300, query={ class = idnt; labl = "https://domain-name:443/"; "r_Ref" = 1; }
和
[BoringSSL] boringssl_context_alert_callback_handler(3724) [C1.1:2][0x139d1bd20] Alert level: fatal, description: handshake failure 2019-01-22 15:34:23.448605+0530 DB[1276:264543] [BoringSSL] boringssl_session_errorlog(224) [C1.1:2][0x139d1bd20] [boringssl_session_handshake_incomplete] SSL_ERROR_SSL(1): operation failed within the library
2019-01-22 15:34:23.448796+0530
DB[1276:264543] [BoringSSL] boringssl_session_handshake_error_print(205) [C1.1:2][0x139d1bd20] 5266093016:error:10000410:SSL routines:OPENSSL_internal:SSLV3_ALERT_HANDSHAKE_FAILURE:/BuildRoot/Library/Caches/com.apple.xbs/Sources/boringssl/boringssl-109.230.1/ssl/tls_record.cc:586:SSL alert number 40
2019-01-22 15:34:23.448986+0530 数据库[1276:264543]
[BoringSSL] boringssl_context_get_error_code(3545) [C1.1:2][0x139d1bd20] SSL_AD_HANDSHAKE_FAILURE
2019-01-22
15:34:23.464957+0530 DB[1276:264543] TIC Read Status [1:0x281599800]: 1:-9824
2019-01-22 15:34:23.467598+0530
DB[1276:264543] Task <43E199F9-B030-4BFD-B9E0-8C9F59B43E72>.<1> HTTP load failed (error code: -9824 [1:-9824])
2019-01-22
15:34:23.468019+0530 DB[1276:264574] Task <43E199F9-B030-4BFD-B9E0-8C9F59B43E72>.<1> finished with error - code: -9824 2019-01-22 15:34:23.470149+0530 DB[1276:264574] Task <43E199F9-B030-4BFD-B9E0-8C9F59B43E72>.<1> load failed with error Error Domain=NSPOSIXErrorDomain Code=-9824 "Unknown error: -9824" UserInfo={_NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <43E199F9-B030-4BFD-B9E0-8C9F59B43E72>.<1>, _kCFStreamErrorDomainKey=1, NSErrorPeerAddressKey={length = 16, capacity = 16, bytes = 0x100201bb03106e120000000000000000}, _kCFStreamErrorCodeKey=-9824, _NSURLErrorRelatedURLSessionTaskErrorKey=( "LocalDataTask <43E199F9-B030-4BFD-B9E0-8C9F59B43E72>.<1>" )} [-9824]
过去 1 周一直在尝试这个。任何帮助将不胜感激。
最佳答案
在 Alamofire 中禁用评估不会禁用系统的证书基本验证,默认情况下会阻止自签名证书。我建议你阅读 Apple's ATS documentation ,但我猜这将需要为您的域和其他设置组合使用 NSExceptionAllowsInsecureHTTPLoads。如果可以的话,您还应该确保不要发布这些设置。
关于ios - 无聊的 SSL 握手失败和复制 Identity Cred 时出错,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/54305960/