ios - AFNetworking 需要绕过 ssl 检查

Question

我有一个直接连接到硬件路由器的应用程序。从 iOS 9 开始，我更新了 AFNetworking，现在我在尝试通过 https 连接时遇到 ssl 错误。

这不是 iOS 9 App Transport Security 问题，因为我添加了相关的 .plist 条目以绕过它和连接在 http 上正常工作。

我需要绕过证书检查，因为每个路由器都有自己的自签名证书，所以我显然不能将证书添加到我的应用程序中，因为每个用户都是不同的。

我使用 AFHTTPRequestOperation 子类进行连接并设置了 self.securityPolicy.allowInvalidCertificates = YES; 但我收到以下错误:

Error during connection: Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={_kCFStreamErrorCodeKey=-9806, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSUnderlyingError=0x7fa9f3611b40 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={NSErrorFailingURLStringKey=https://myserver.com:4780/Info.htm, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFNetworkCFStreamSSLErrorOriginalValue=-9806, _kCFStreamPropertySSLClientCertificateState=0, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., _kCFStreamErrorDomainKey=3, NSErrorFailingURLKey=https://myserver.com:4780/Info.htm, _kCFStreamErrorCodeKey=-9806}}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https://myserver.com:4780/Info.htm, NSErrorFailingURLStringKey=https://myserver.com:4780/Info.htm, _kCFStreamErrorDomainKey=3}

我也尝试添加 setWillSendRequestForAuthenticationChallengeBlock: 但是该 block 永远不会被调用。

有人可以帮忙吗？

谢谢

编辑 ----- 设置 self.securityPolicy.validatesDomainName = NO; 也不起作用。请问是不是硬件证书类型的问题。

编辑 2 ----- 这是证书

New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA Server public key is 2048 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE SSL-Session: Protocol : SSLv3 Cipher : DES-CBC3-SHA Session-ID: 010000000C6B8632215649C0665E9DCC9EC59E22F8F021672B6B50B84222A342 Session-ID-ctx: Master-Key: D71EC7D8F7A4A3581E25CDAD9C532B2C7B4DA8B513AF337095496B575F525CFBA02A40797B2D2A4F0B5911EFEFC3623F Key-Arg : None Start Time: 1443102149 Timeout : 300 (sec) Verify return code: 18 (self signed certificate)

编辑 3 -------- 将这段代码添加到我的 AFHTTPRequestOperation 子类中可以使其在 iOS 8 上运行，但在 iOS 9 上什至不会调用该 block 。

[self setWillSendRequestForAuthenticationChallengeBlock:^(NSURLConnection * _Nonnull connection, NSURLAuthenticationChallenge * _Nonnull challenge)
    {
        NSLog(@"**** HERE ****");
        if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust])
        {
            [challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge];
        }
        [challenge.sender continueWithoutCredentialForAuthenticationChallenge:challenge];
    }];

Answer 1

AFSecurityPolicy *securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeNone];
securityPolicy.allowInvalidCertificates = YES;
manager.securityPolicy = securityPolicy;