我有带有REST API的自定义硬件设备。设备具有自签名的根证书。我正在尝试进行简单的GET调用,但是我的所有请求都失败了:
CFNetwork SSLHandshake failed (-9808)
NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9808)
更多说明:
CFNetwork SSLHandshake failed (-9808)
NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9808)
Error Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “192.168.68.97” which could put your confidential information at risk." UserInfo={NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0x7fa2fb219530>, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9808, NSErrorPeerCertificateChainKey=<CFArray 0x7fa2fb20ffd0 [0x1016d37b0]>{type = immutable, count = 1, values = (
0 : <cert(0x7fa2f954a2e0) s: selfSignedRootCertificate i: selfSignedRootCertificate>
)}, NSUnderlyingError=0x7fa2fb3018e0 {Error Domain=kCFErrorDomainCFNetwork Code=-1202 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x7fa2fb219530>, _kCFNetworkCFStreamSSLErrorOriginalValue=-9808, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9808, kCFStreamPropertySSLPeerCertificates=<CFArray 0x7fa2fb20ffd0 [0x1016d37b0]>{type = immutable, count = 1, values = (
0 : <cert(0x7fa2f954a2e0) s: selfSignedRootCertificate i: selfSignedRootCertificate>
)}}}, NSLocalizedDescription=The certificate for this server is invalid. You might be connecting to a server that is pretending to be “192.168.68.97” which could put your confidential information at risk., NSErrorFailingURLKey=https://192.168.68.97/api/switch/ctrl?switch=1&action=on, NSErrorFailingURLStringKey=https://192.168.68.97/api/switch/ctrl?switch=1&action=on, NSErrorClientCertificateStateKey=0}
我在AFHTTPSessionManger子类中的代码是
NSData *myCertificate = [NSData dataWithContentsOfFile: [[NSBundle mainBundle] pathForResource:@"selfSignedRootCertificate" ofType:@"cer"]];
AFSecurityPolicy *securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModePublicKey];
securityPolicy.validatesDomainName = NO;
securityPolicy.allowInvalidCertificates = YES;
securityPolicy.pinnedCertificates = @[myCertificate];
我试图根据iOS 9.0中的更改将异常添加到plist
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
我不知道我在做什么错。我的观点是将我的自签名根证书固定到应用程序,以便能够使用https连接。您能以正确的方式帮助我吗?
我有AFNetworking(2.6.1)。
谢谢你的帮助!
所以我终于找到了问题的根源。定制硬件设备上的ssl-library存在问题。在硬件上重新实现后,所有内容都可以发挥作用。
本文收集自互联网,转载请注明来源。
如有侵权,请联系[email protected] 删除。
我来说两句