我把Apache服务器使用的.cer证书放在Xcode项目中。当应用程序试图与服务器对话时,我在Xcode:中收到此错误
Assertion failure in id AFPublicKeyForCertificate(NSData *__strong)(),
/Users/../ProjectName/AFNetworking/AFSecurityPolicy.m:52
*** Terminating app due to uncaught exception 'NSInternalInconsistencyException',
reason: 'Invalid parameter not satisfying: allowedCertificate'
以下是调用服务器的代码:
AFHTTPRequestOperationManager *manager = [AFHTTPRequestOperationManager manager];
manager.responseSerializer = [AFJSONResponseSerializer serializer];
[self setSecurityPolicy:[AFSecurityPolicy policyWithPinningMode:AFSSLPinningModePublicKey]];
[manager POST:@"https://www.example.com/" parameters:params success:^(AFHTTPRequestOperation *operation, id responseObject) {
//success
} failure:^(AFHTTPRequestOperation *operation, NSError *error) {
//failure
}];
我把钉扎模式改成了AFSSLPinningModeCertificate,但运气不好。
当我删除这行时:
[self setSecurityPolicy:[AFSecurityPolicy policyWithPinningMode:AFSSLPinningModePublicKey]];
服务器以错误消息进行响应:
"The operation couldn't be completed. (NSURLErrorDomain error -1012.)"
证书是使用OpenSSL创建的,我甚至尝试了StartSSL.com 的免费证书
至于Apache服务器端,以下是虚拟主机配置:
# My custom host
<VirtualHost *:443>
ServerName www.example.com
DocumentRoot "/path/to/folder"
SSLEngine on
SSLCipherSuite HIGH:!aNULL:!MD5
SSLCertificateFile /path/to/www.example.com.cer
SSLCertificateKeyFile /path/to/www.example.com.key
<Directory "/the/directory/">
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride All
Require all granted
</Directory>
ErrorLog "logs/mysite.local-error_log"
</VirtualHost>
并且服务器确实监听443端口
您的证书文件的格式似乎不正确。您的代码在以下行失败(AFURLConnectionOperation/pinnedPublicKeys):
SecCertificateRef allowedCertificate = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)data);
NSParameterAssert(allowedCertificate);
当我的证书看起来像这样时,我也出现了同样的错误(在AFNetworking 1.1上,但版本应该无关紧要):
-----BEGIN CERTIFICATE-----
..
-----END CERTIFICATE-----
我使用以下答案中的命令将证书转换为x509格式,从而解决了这个问题:
openssl x509 -in adn.crt -outform der -out "adn.der"
之后,我将adn.der重命名回adn.cer('.cer'似乎是AFNetworking的预期扩展),现在一切都很好。
问题不在AFNetworkings方面,而是在iOS上:您需要在设备上安装自签名证书,因为iOS安全设置禁止连接到不受信任的源。
您可以通过在iOS设备上打开证书(将其邮寄给自己并打开)并按照安装说明添加自签名证书作为可信来源。
如果需要,您可以通过更改安全策略来禁用无效证书检查。
[self setAllowInvalidCertificates:YES];
请阅读文档中的更多内容:http://cocoadocs.org/docsets/AFNetworking/2.0.3/Classes/AFSecurityPolicy.html#//api/name/allowInvalidCertificates
您还可以固定证书:http://cocoadocs.org/docsets/AFNetworking/2.0.3/Classes/AFSecurityPolicy.html#//api/name/pinnedCertificates
此网站可能会帮助用户解决此问题http://www.indelible.org/ink/trusted-ssl-certificates/
示例
https://github.com/AFNetworking/AFNetworking/tree/1.x