我在服务器上进行了自签名证书验证。
当我尝试在 mac 上的浏览器中使用 api https://wikiroutes.info/test/api/ios/getCities 时,它仅在我接受 .p12 证书时才起作用。我找不到可以在 AFNetworking 中输入 .p12 密码的位置。我也有文件 .der,但是当我使用它时,我在代码 SecTrustEvaluate(allowedTrust, &result)
kSecTrustResultRecoverableTrustFailure
我的代码
NSString* fileRoot = [[NSBundle mainBundle] pathForResource:@"cert.pem" ofType:@"der"];
NSData *certData = [[NSData alloc] initWithContentsOfFile:fileRoot];
AFSecurityPolicy *securityPolicy = [[AFSecurityPolicy alloc] init];
securityPolicy.SSLPinningMode = AFSSLPinningModeCertificate;
[securityPolicy setAllowInvalidCertificates:YES];
securityPolicy.pinnedCertificates = @[certData];
AFHTTPRequestOperationManager *operationManager = [[AFHTTPRequestOperationManager alloc] initWithBaseURL:[NSURL URLWithString:@"https://wikiroutes.info"]];
operationManager.responseSerializer.acceptableContentTypes = [NSSet setWithObject:@"text/plain"];
operationManager.securityPolicy = securityPolicy;
[operationManager GET:@"test/api/ios/getCities" parameters:nil success:^(AFHTTPRequestOperation *operation, id responseObject) {
NSLog(@"response %@",responseObject);
} failure:^(AFHTTPRequestOperation *operation, NSError *error) {
NSLog(@"error %@",error);
}];
这是我的测试项目。 https://www.dropbox.com/s/410w5bau3e3slx9/testApp.zip
它的证书文件
https://www.dropbox.com/s/hk9hywri37wxpet/cert.pem.der https://www.dropbox.com/s/2cpfhokh59jo15d/cert.p12(密码 - nM123456)
最佳答案
据我所知,AFNetworking 会自动搜索带有“.cer”扩展名的 DER 格式的证书,因此您需要像这样转换 PEM 证书:
openssl x509 -in cert.pem -outform der -out cert.cer
关于ios - AFNetworking https 自签名证书,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/23490299/