AFNetworking 2 无法使用自签名证书

Unable to use self signed certificate with AFNetworking 2(AFNetworking 2 无法使用自签名证书)

问题描述

我将 Apache Server 使用的 .cer 证书放在了 Xcode 项目中.当应用程序尝试与服务器通信时，我在 Xcode 中收到此错误:

I put the .cer certificate used by the Apache Server in the Xcode project. When the app tries to talk to the server I get this error in Xcode:

Assertion failure in id AFPublicKeyForCertificate(NSData *__strong)(),
/Users/../ProjectName/AFNetworking/AFSecurityPolicy.m:52
*** Terminating app due to uncaught exception 'NSInternalInconsistencyException', 
reason: 'Invalid parameter not satisfying: allowedCertificate'

这是调用服务器的代码:

Here is the code for calling the server :

AFHTTPRequestOperationManager *manager = [AFHTTPRequestOperationManager manager];
manager.responseSerializer = [AFJSONResponseSerializer serializer];
[self setSecurityPolicy:[AFSecurityPolicy policyWithPinningMode:AFSSLPinningModePublicKey]];
[manager POST:@"https://www.example.com/" parameters:params success:^(AFHTTPRequestOperation *operation, id responseObject) {
//success
} failure:^(AFHTTPRequestOperation *operation, NSError *error) {
//failure
}];

我将固定模式更改为 AFSSLPinningModeCertificate，但没有成功.

I changed the pinning mode to AFSSLPinningModeCertificate with no luck.

当我删除这一行时:

[self setSecurityPolicy:[AFSecurityPolicy policyWithPinningMode:AFSSLPinningModePublicKey]];

服务器返回错误信息:

"The operation couldn't be completed. (NSURLErrorDomain error -1012.)"

证书是使用 OpenSSL 创建的，我什至尝试了 StartSSL.com 的免费证书

The certificate was created using OpenSSL, and I even tried a free certificate from StartSSL.com

至于 Apache Server 端，这里是虚拟主机配置:

As for the Apache Server side, here is the virtual host configuration:

# My custom host
<VirtualHost *:443>
    ServerName www.example.com
    DocumentRoot "/path/to/folder"
    SSLEngine on
    SSLCipherSuite HIGH:!aNULL:!MD5
    SSLCertificateFile /path/to/www.example.com.cer
    SSLCertificateKeyFile /path/to/www.example.com.key
    <Directory "/the/directory/">
        Options Indexes FollowSymLinks Includes ExecCGI
        AllowOverride All
        Require all granted
    </Directory>
    ErrorLog "logs/mysite.local-error_log"
</VirtualHost>

而且服务器确实监听 443 端口

and the server does listen to the 443 port

推荐答案

您的证书文件格式似乎不正确.您的代码在以下几行失败 (AFURLConnectionOperation/pinnedPublicKeys):

It looks like your certificate file is not in the right format. Your code fails at these lines (AFURLConnectionOperation/pinnedPublicKeys):

SecCertificateRef allowedCertificate = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)data);
NSParameterAssert(allowedCertificate);

当我的证书看起来像这样时，我遇到了同样的错误(在 AFNetworking 1.1 上，但版本无关紧要):

I had the same error (on AFNetworking 1.1, but the version should not matter), when my certificate was looking like this:

-----BEGIN CERTIFICATE-----
..
-----END CERTIFICATE----- 

我设法通过使用 this answer 中的命令将证书转换为 x509 格式来解决此问题:

I managed to resolve this by converting the certificate to x509 format, using the command from this answer:

openssl x509 -in adn.crt -outform der -out "adn.der"

之后我将 adn.der 重命名为 adn.cer('.cer' 似乎是 AFNetworking 的预期扩展名)，现在一切正常.

Afterwards I renamed adn.der back to adn.cer ('.cer' seems to be the expected extension for AFNetworking), and everything works well now.

这篇关于AFNetworking 2 无法使用自签名证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持编程学习网！