Ios NSURLConnection使用由自定义CA签名的证书与具有SSL的CocoaHTTPServer连接失败
我有一个小应用程序,里面有CocoaHttpServer。我只想为环回呼叫启用它,并且我只想能够从我的应用程序拨打这些电话。别问为什么——我需要它Ios NSURLConnection使用由自定义CA签名的证书与具有SSL的CocoaHTTPServer连接失败,ios,ssl,ssl-certificate,cocoahttpserver,Ios,Ssl,Ssl Certificate,Cocoahttpserver,我有一个小应用程序,里面有CocoaHttpServer。我只想为环回呼叫启用它,并且我只想能够从我的应用程序拨打这些电话。别问为什么——我需要它 self.httpServer = [[HTTPServer alloc] init]; self.httpServer.port = HTTP_SERVER_PORT; self.httpServer.interface = @"loopback"; self.httpServer.connectionClass = [HTTPSolFSConne
self.httpServer = [[HTTPServer alloc] init];
self.httpServer.port = HTTP_SERVER_PORT;
self.httpServer.interface = @"loopback";
self.httpServer.connectionClass = [HTTPSolFSConnection class];
NSError *error;
if([self.httpServer start:&error]) {
DDLogInfo(@"Started HTTP Server on port %hu", [self.httpServer listeningPort]);
}
else {
DDLogError(@"Error starting HTTP Server: %@", error);
}
- (BOOL)isSecureServer {
return YES;
}
- (NSArray *)sslIdentityAndCertificates {
NSArray *result = nil;
NSData *serverCertificateData = [[NSData alloc] initWithContentsOfFile:[[NSBundle mainBundle] pathForResource:@"server" ofType:@"p12"]];
const void *keys[] = { kSecImportExportPassphrase };
const void *values[] = { CFSTR("friday_internet") };
CFDictionaryRef options = CFDictionaryCreate(NULL, keys, values, 1, NULL, NULL);
CFArrayRef items = NULL;
OSStatus securityError = SecPKCS12Import((__bridge CFDataRef) serverCertificateData, options, &items);
if (options) {
CFRelease(options);
}
if (securityError == errSecSuccess) {
CFDictionaryRef myIdentityAndTrust = CFArrayGetValueAtIndex(items, 0);
SecIdentityRef identity = (SecIdentityRef) CFDictionaryGetValue(myIdentityAndTrust, kSecImportItemIdentity);
SecCertificateRef serverCertificate = NULL;
SecIdentityCopyCertificate(identity, &serverCertificate);
NSData *caCertificateData = [[NSData alloc] initWithContentsOfFile:[[NSBundle mainBundle] pathForResource:@"ca" ofType:@"der"]];
SecCertificateRef caCertificate = SecCertificateCreateWithData(NULL, (__bridge CFDataRef) caCertificateData);
NSArray *anchorCertificates = @[ (__bridge id) serverCertificate, (__bridge id) caCertificate ];
SecTrustResultType trustResult;
SecTrustRef trust = (SecTrustRef) CFDictionaryGetValue(myIdentityAndTrust, kSecImportItemTrust);
SecTrustSetAnchorCertificates(trust, (__bridge CFArrayRef) anchorCertificates);
SecTrustSetAnchorCertificatesOnly(trust, false);
SecTrustEvaluate(trust, &trustResult);
NSLog(@"SecTrustResultType: %d", trustResult);
result = @[ (__bridge id) identity, (__bridge id) caCertificate, (__bridge id) serverCertificate ];
if (serverCertificate) {
CFRelease(serverCertificate);
}
}
if (items) {
CFRelease(items);
}
return result;
}
Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid.
You might be connecting to a server that is pretending to be “localhost” which could
put your confidential information at risk." UserInfo=0xb93da40
{NSErrorFailingURLStringKey=https://localhost:12345/file.txt,
NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?,
NSErrorFailingURLKey=https://localhost:12345/file.txt,
NSLocalizedDescription=The certificate for this server is invalid.
You might be connecting to a server that is pretending to be “localhost” which could
put your confidential information at risk., NSUnderlyingError=0xf155310
"The certificate for this server is invalid. You might be connecting to a server
that is pretending to be “localhost” which could put your confidential information
at risk.", NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0x13329720>}
Error Domain=nsurerrordomain code=-1202“此服务器的证书无效。
您可能正在连接假装为“localhost”的服务器,这可能会导致
将您的机密信息置于危险之中。”UserInfo=0xb93da40
{NSErrorFailingURLStringKey=https://localhost:12345/file.txt,
nsLocalizedRecoverysSuggestion=是否仍要连接到服务器?,
N错误失效键=https://localhost:12345/file.txt,
NSLocalizedDescription=此服务器的证书无效。
您可能正在连接假装为“localhost”的服务器,这可能会导致
将您的机密信息置于危险之中,NSUnderlyingError=0xf155310
“此服务器的证书无效。您可能正在连接到服务器
这是假装是“本地主机”,它可以放置您的机密信息
有风险。”,nsurErrorFailingUrlPeerTrustErrorKey=}
问题是,我在我的应用程序中使用了一个第三方库,它与我的服务器进行通信。它不使用基础框架,所以首先两种方法不起作用。有没有一种方法可以通过编程而不是手动发送证书?您解决过这个问题吗?