Question

我是Objective C和HTTP的新手。请就此事告诉我。

我需要我的iPhone应用程序通过HTTP与我的服务器通信。我创建了自签名证书，当通过浏览器访问URL时，它可以显示服务器不受信任的警告消息。没关系。

从我的iPhone应用程序发送HTTP请求。通过HTTPS我正在使用ASIHTTPRequest。但我收到一条错误消息“发生连接失败：SSL问题（可能的原因可能包括错误/过期/自签名证书，时钟设置为错误的日期）”。

我在Stackoverflow周围浏览并学会了以下方式：

我从浏览器下载了证书并将其包含在我的Xcode项目中。
将证书加载到NSData

NSString * fullFileName = @“myCertificate.cer”; NSString * fileName = [[fullFileName lastPathComponent] stringByDeletingPathExtension]; NSString * extension = [fullFileName pathExtension]; NSData * PKCS12Data = [NSData dataWithContentsOfFile：[[NSBundle mainBundle] pathForResource：fileName ofType：extension]];
Exctract identity

[self extractIdentity：＆amp; identity andTrust：＆amp; trust fromPKCS12Data：PKCS12Data password：@“myCertificatePasswordHere”];
通过HTTPS发送HTTP请求

ASIHTTPRequest * request = [ASIHTTPRequest requestWithURL：myHTTPsURLHere]; [request setClientCertificateIdentity：identity]; [request startSynchronous];
这里的很多人建议我也修改了ASIHTTPRequest.m并包括

[sslProperties setObject：（NSString *）kCFBooleanTrue forKey：（NSString *）kCFStreamSSLAllowsExpiredCertificates]; [sslProperties setObject：（NSString *）kCFBooleanTrue forKey：（NSString *）kCFStreamSSLAllowsExpiredRoots];

进入IF声明

   if (![self validatesSecureCertificate]) {

     NSDictionary *sslProperties = [[NSDictionary alloc] initWithObjectsAndKeys:
                                           [NSNumber numberWithBool:YES], kCFStreamSSLAllowsExpiredCertificates,
                                           [NSNumber numberWithBool:YES], kCFStreamSSLAllowsAnyRoot,
                                           [NSNumber numberWithBool:NO],  kCFStreamSSLValidatesCertificateChain,
                                           kCFNull,kCFStreamSSLPeerName,
                                           @"kCFStreamSocketSecurityLevelTLSv1_0SSLv3", kCFStreamSSLLevel,
                                           nil];

    CFReadStreamSetProperty((CFReadStreamRef)[self readStream], 
                                    kCFStreamPropertySSLSettings, 
                                    (CFTypeRef)sslProperties);


            [sslProperties release];
        }else {
            NSMutableDictionary *sslProperties = [[NSMutableDictionary alloc] initWithObjectsAndKeys:
                                           [NSNumber numberWithBool:NO], kCFStreamSSLAllowsExpiredCertificates,
                                           [NSNumber numberWithBool:NO], kCFStreamSSLAllowsAnyRoot,
                                           [NSNumber numberWithBool:YES],  kCFStreamSSLValidatesCertificateChain,
                                           @"kCFStreamSocketSecurityLevelTLSv1_0SSLv3", kCFStreamSSLLevel,
                                           nil];

            CFReadStreamSetProperty((CFReadStreamRef)[self readStream], 
                                    kCFStreamPropertySSLSettings, 
                                    (CFTypeRef)sslProperties);

            [sslProperties setObject:(NSString *)kCFBooleanTrue forKey:(NSString *)kCFStreamSSLAllowsExpiredCertificates]; // Sergey added this line
            [sslProperties setObject:(NSString *)kCFBooleanTrue forKey:(NSString *)kCFStreamSSLAllowsExpiredRoots]; // Sergey added this line 
            [sslProperties release];
        }

但它没有帮助:(。我仍然收到一条错误消息：

  Domain=ASIHTTPRequestErrorDomain Code=1 "A connection failure occurred: SSL problem (Possible causes may include a bad/expired/self-signed certificate, clock set to wrong date)"

请告诉我如何通过HTTP进行ASIHTTPRequest，以便我的服务器验证客户端证书？我不想使用私人api ......

非常感谢！

Answer 1

ASIHttpRequest和iOS 5确实存在错误。对我有用的一个好方法就是这个：Fix for self-signed client certificates on iOS 5 (alternate) by james-chalfant

如何使用ASIHTTPRequest包含客户端证书？

1 个答案: