通过 Xamarin.iOS 应用程序调用我们的内部 api 服务器时,我们遇到了问题。
我们的反向代理服务器总是返回 403 HTTP 错误。服务器的日志显示:“没有通过 SNI 为基于名称的虚拟主机提供主机名”。
使用 Mono TLS:没问题。但是对于 Apple TLS,它不起作用。我们已经测试了所有 HTTP 客户端实现:托管代码、NSUrlSession 和 CFNetwork,结果相同。
我知道 Apple TLS 支持 SNI。在 iPhone 上使用 Safari 时,我们的网络服务器可以毫无问题地提供内容。
但是,对于 Xamarin,特别是对于 Apple TLS,这是不可能的。
你有什么想法吗?
PS:我们绕过证书验证
ServicePointManager.ServerCertificateValidationCallback
+= (sender, certificate, chain, sslPolicyErrors) => {return true;};
最佳答案
使用 NSUrlSession
(适用于 SNI):
webView = new WKWebView(new CGRect(40, 100, 400, 400), new WKWebViewConfiguration());
Add(webView);
button = new UIButton(UIButtonType.System);
button.Frame = new CGRect(40, 40, 100, 40);
button.SetTitle("Fetch", UIControlState.Normal);
Add(button);
button.TouchUpInside += async (object sender, EventArgs e) =>
{
var url = new NSUrl("https://sni.velox.ch");
var task = await NSUrlSession.SharedSession.CreateDataTaskAsync(url);
webView.LoadHtmlString(NSString.FromData(task.Data, NSStringEncoding.UTF8), new NSUrl(""));
};
或使用
bob.sni.velox.ch
或 alice.sni.velox.ch
TLS SNI Test Site: *.sni.velox.ch
Great! Your client [TLSv12wSNI/1.0 CFNetwork/808.0.1 Darwin/15.6.0]
sent the following TLS server name indication extension (RFC 6066)
in its ClientHello (negotiated protocol: TLSv1.2, cipher suite:
ECDHE-RSA-AES256-GCM-SHA384):
sni.velox.ch
In your request, this header was included:
Host: sni.velox.ch
使用 HttpClient:
button.TouchUpInside += async (object sender, EventArgs e) =>
{
ServicePointManager.ServerCertificateValidationCallback += (servicesender, certificate, chain, sslPolicyErrors) => { return true; };
var client = new HttpClient();
var response = await client.GetAsync("https://sni.velox.ch");
webView.LoadHtmlString(new NSString(await response.Content.ReadAsStringAsync()), new NSUrl(""));
};
使用 SSL/TLS 实现设置为
Mono TLS
(适用于 SNI):TLS SNI Test Site: *.sni.velox.ch
Great! Your client [TLSv12wSNI/1.0 CFNetwork/808.0.1 Darwin/15.6.0]
sent the following TLS server name indication extension (RFC 6066) in
its ClientHello (negotiated protocol: TLSv1.2, cipher suite:
ECDHE-RSA-AES256-GCM-SHA384):
sni.velox.ch
In your request, this header was included:
Host: sni.velox.ch
使用 SSL/TLS 实现设置为
Apple TLS (default)
: ( 错误 )错误:
your client did not send a TLS server name indication extension
TLS SNI Test Site: alice.sni.velox.ch
Unfortunately, your client did not send a TLS server name indication
extension (RFC 4366) in its ClientHello (negotiated protocol: TLSv1.2,
cipher suite: ECDHE-RSA-AES256-GCM-SHA384), so you're probably
getting warnings about certificate name mismatches.
In your request, this header was included:
Host: sni.velox.ch
笔记:
我们个人避免
HttpClient
在 iOS 上并始终使用 iOS“ native ”网络类/API:NSUrlSession
, NSURLConnection
, ....提交的错误:https://bugzilla.xamarin.com/show_bug.cgi?id=43794
关于c# - Xamarin 支持 Apple TLS(不是 Mono TLS)的 SNI?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/39168279/