Ios4 在信任评估期间持续获取kSecTrustResultRecoverableTrustFailure-iphone
我想安全地与我的服务器通信,以下是我正在做的Ios4 在信任评估期间持续获取kSecTrustResultRecoverableTrustFailure-iphone,ios4,ssl,certificate,security-framework,Ios4,Ssl,Certificate,Security Framework,我想安全地与我的服务器通信,以下是我正在做的 NSURLProtectionSpace *protectionSpace = [challenge protectionSpace]; SecTrustRef trust = [protectionSpace serverTrust]; NSURLCredential *credential = [NSURLCredential credentialForTrust:trust]; SecPolicyRef myPolicy = SecP
NSURLProtectionSpace *protectionSpace = [challenge protectionSpace];
SecTrustRef trust = [protectionSpace serverTrust];
NSURLCredential *credential = [NSURLCredential credentialForTrust:trust];
SecPolicyRef myPolicy = SecPolicyCreateBasicX509();
NSArray * certs = [[NSArray alloc] initWithObjects:(id)certificate,nil]; //certificate is my server's cert.
credential = [NSURLCredential credentialForTrust:trust];
SecTrustSetAnchorCertificates(trust,
(CFArrayRef) [NSArray arrayWithObject:(id) certificate ]);
OSStatus status = SecTrustCreateWithCertificates(certs, myPolicy, &trust);
SecTrustResultType trustResult = 0;
if (status == noErr) {
status = SecTrustEvaluate(trust, &trustResult);
}
NSLog(@"Trust I get: %d", trustResult);
[certs release];
if (trustResult == kSecTrustResultRecoverableTrustFailure) {
NSLog(@"Recoverable Failure");
CFAbsoluteTime trustTime,currentTime,timeIncrement,newTime;
CFDateRef newDate;
trustTime = SecTrustGetVerifyTime(trust);
timeIncrement = 31536000;
currentTime = CFAbsoluteTimeGetCurrent();
newTime = currentTime - timeIncrement;
if (trustTime - newTime){
newDate = CFDateCreate(NULL, newTime);
SecTrustSetVerifyDate(trust, newDate);
status = SecTrustEvaluate(trust, &trustResult);
}
NSLog(@"Trust again:%d", trustResult);// AGAIN kSecTrustResultRecoverableTrustFailure(5) over here
}
任何人都知道为什么会这样。。。
似乎这与证书的到期无关(事实上也并非如此),但可能是原因
多谢各位
al
如果
- 证书是md5哈希的(IOS5)
- 服务器不提供根证书和中间证书
- 已设置SecTrustSetAnchorCertificatesOnly(信任,是),并且锚证书仅在内置锚证书中
- 证书过期了
- ?
我通过将Web服务器配置为发送整个证书链,而不是仅发送服务器证书,解决了我的问题
通过配置我的apache mod_ssl:
any 1愿意回答:p?我也有同样的问题。如何配置apache服务器来发送整个证书链?有人能回答newguy的问题吗?我和他处境相同。。感谢依赖于您使用的Web服务器。可能对你的apache有所帮助。