ASIHTTPRequest https 请求 & SSL协议
我正在尝试使用 https 发送一个非常简单的 ASIHTTPRequest。尽管我已将 validatesSecureCertificate 标志设置为“NO”,但我的请求仍然得到奇怪的响应:
A connection failure occurred: SSL problem (Possible causes may include a bad/expired/self-signed certificate, clock set to wrong date)
我使用的代码非常简单,出于安全原因,我删除了实际参数:
NSURL *url = [NSURL URLWithString:@"https://secured.cet.ac.il/KotarServices/getMyBooks.aspx?username=xxxxxxxx&password=xxxxx&packageid=x"];
ASIHTTPRequest *request = [ASIHTTPRequest requestWithURL:url];
[request setDidFailSelector:@selector(getMyBooksFailedWithError:)];
[request setDidFinishSelector:@selector(getMyBooksFinishedWithResult:)];
[request setDelegate:self];
[request setValidatesSecureCertificate:NO];
[request startAsynchronous];
深入研究代码,我发现请求失败并出现“-9807”错误代码,该错误代码仅与操作系统相关,与我正在交互的服务器无关(SecureTransport.h 将其映射为“无效的证书链”)。有什么想法如何克服这个问题?提前致谢。
I'm trying to send out a very simple ASIHTTPRequest with https. Although I have set the validatesSecureCertificate flag to "NO", I still get an odd response for my request:
A connection failure occurred: SSL problem (Possible causes may include a bad/expired/self-signed certificate, clock set to wrong date)
The code I am using is pretty straightforward, I am removing the actual parameters for security reasons:
NSURL *url = [NSURL URLWithString:@"https://secured.cet.ac.il/KotarServices/getMyBooks.aspx?username=xxxxxxxx&password=xxxxx&packageid=x"];
ASIHTTPRequest *request = [ASIHTTPRequest requestWithURL:url];
[request setDidFailSelector:@selector(getMyBooksFailedWithError:)];
[request setDidFinishSelector:@selector(getMyBooksFinishedWithResult:)];
[request setDelegate:self];
[request setValidatesSecureCertificate:NO];
[request startAsynchronous];
Digging deeper into the code, I see that the request fails on a "-9807" error code, which is related only to the operating system and has nothing to do with the server I am interacting with (SecureTransport.h maps this out to be "invalid certificate chain"). Any ideas how to overcome this issue? Thanks in advance.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我记得我在使用 GoDaddy 证书时遇到了类似的问题,必须在 ASIHTTPRequest.m 中进行以下更改,位于 if(![self validatesSecureCertificate]) 内的注释“处理 SSL 证书设置”下方,第 1160 行左右:
[sslProperties setObject:(NSString *)kCFBooleanTrue forKey:(NSString *)kCFStreamSSLAllowsAnyRoot];
I remember i had a similar problem with a GoDaddy certificate and had to make the following change in ASIHTTPRequest.m, below the comment "Handle SSL certificate settings", inside the if(![self validatesSecureCertificate]), around line 1160:
[sslProperties setObject:(NSString *)kCFBooleanTrue forKey:(NSString *)kCFStreamSSLAllowsAnyRoot];
我今天刚购买的 GoDaddy 证书遇到了这个问题。对 trydis 解决方案的一个更正:我认为您希望在 if(![self validatesSecureCertificate]) 之外进行此操作,因为您实际上想要验证证书。正如评论所说,if 子句中的内容“告诉 CFNetwork 不要验证 SSL 证书”。老实说,我不知道为什么客户端将 GoDaddy 证书解释为根证书,这正是需要进行此更改的首要原因。
I ran into this with a GoDaddy certificate I just bought today. One correction to trydis's solution: I think you want this outside the if(![self validatesSecureCertificate]), since you actually want to validate the certificate. As the comment says, stuff inside the if clause "tells CFNetwork not to validate SSL certificates". TBH, I have no idea why the GoDaddy certificate is being interpreted by the client as a root certificate, which is what's necessitating this change in the first place.