我正在使用iOS 10.我正在评估自签名证书,如下所示
-(void) connection:(NSURLConnection *)connection willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
NSURLProtectionSpace *protectionSpace = [challenge protectionSpace];
if ([protectionSpace authenticationMethod] == NSURLAuthenticationMethodServerTrust) {
SecTrustRef trust = [protectionSpace serverTrust];
SecPolicyRef policyOverride = SecPolicyCreateSSL(true, (CFStringRef)@"HOSTNAME");
SecTrustSetPolicies(trust, policyOverride);
CFMutableArrayRef certificates = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks);
/* Copy the certificates from the original trust object */
CFIndex count = SecTrustGetCertificateCount(trust);
CFIndex i=0;
for (i = 0; i < count; i++) {
SecCertificateRef item = SecTrustGetCertificateAtIndex(trust, i);
CFArrayAppendValue(certificates, item);
}
/* Create a new trust object */
SecTrustRef newtrust = NULL;
if (SecTrustCreateWithCertificates(certificates, policyOverride, &newtrust) != errSecSuccess) {
/* Probably a good spot to log something. */
NSLog(@"Error in SecTrustCreateWithCertificates");
[connection cancel];
return;
}
CFRelease(policyOverride);
/* Re-evaluate the trust policy. */
SecTrustResultType secresult = kSecTrustResultInvalid;
if (SecTrustEvaluate(trust, &secresult) != errSecSuccess) {
/* Trust evaluation failed. */
[connection cancel];
// Perform other cleanup here, as needed.
return;
}
switch (secresult) {
//case kSecTrustResultInvalid:
//case kSecTrustResultRecoverableTrustFailure:
case kSecTrustResultUnspecified: // The OS trusts this certificate implicitly.
case kSecTrustResultProceed: // The user explicitly told the OS to trust it.
{
NSURLCredential *credential = [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust];
[challenge.sender useCredential:credential forAuthenticationChallenge:challenge];
return;
}
default: ;
/* It's somebody else's key. Fall through. */
[challenge.sender performDefaultHandlingForAuthenticationChallenge:challenge];
break;
}
/* The server sent a key other than the trusted key. */
[connection cancel];
// Perform other cleanup here, as needed.
}
}
评估后的结果是’kSecTrustResultUnspecified’,并且再次以递归方式调用相同的方法’willSendRequestForAuthenticationChallenge’.不确定为什么要递归调用该方法.让我知道代码的任何问题.
谢谢
最佳答案 有几个解决方案,我认为最简单的解决方案是
here.总之,您需要检查[challenge previousFailureCount]以防止反复重新输入方法.
否则,从Apple API文档中,我会建议类似于this的东西,它使用不推荐的委托回调,但可能适合你.