没办法信任在iphone上的自签名证书
问题说明
我目前正在尝试连接到具有自签名证书的服务器。我使用NSURLConnection连接到服务器。如何确保我只信任正确的服务器并取消所有其他连接?我使用以下代码
I am currently trying to connect to a server with a self signed certificate. I am using NSURLConnection to connect to the server. How can I make sure that I only trust the right server and cancel all other connections? I am using the following code
- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
SecTrustResultType results;
SecTrustRef trust = [[challenge protectionSpace] serverTrust];
SecTrustEvaluate(trust, &results);
if (results == kSecTrustResultProceed || results == kSecTrustResultConfirm) {
[challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge];
} else {
[challenge.sender cancelAuthenticationChallenge:challenge];
}
}
目前 SecTrustEvaluate 始终返回结果等于 kSecTrustResultRecoverableTrustFailure 。我已使用iphone配置实用程序在手机上安装了配置文件,并将其标记为已验证,但未更改结果。
Currently SecTrustEvaluate always returns with results equal to kSecTrustResultRecoverableTrustFailure. I have installed a configuration profile with the certificate on the phone using the iphone configuration utility and it is marked as verified but it did not change the results.
任何人都可以帮助我获得自签名证书的 kSecTrustResultProceed 或 kSecTrustResultConfirm 的信任结果?
Can anyone help me get a trust result of either kSecTrustResultProceed or kSecTrustResultConfirm for a self signed certificate?
正确答案
您需要确保您的证书有一定的扩展名。我配置了一个带有以下扩展名的证书,它对我有用(OpenSSL格式):
You'll need to make sure that your certificate has certain extensions. I configured a certificate with the following extensions, and it worked for me (OpenSSL format):
basicConstraints=critical,CA:FALSE
extendedKeyUsage=serverAuth
subjectAltName=IP:192.168.x.y
这篇好文章是转载于:学新通技术网
