Why would iOS SSL handshake fail with a trusted certificate at the other end

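My Swift iOS application cannot register for remote notifications with the AeroGear unified push server. It fails with an error that looks as if the certificate on the server were self-signed, although it is a regular certificate signed by a trusted certificate authority.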

This happens during the call to the didRegisterForRemoteNotificationsWithDeviceToken delegate; the registration itself is done according to the AeroGear push server example:

    let registration = AGDeviceRegistration(serverURL: NSURL(string: dynConfig.pushURL))
    registration.registerWithClientInfo({ (clientInfo: AGClientDeviceInformation!) -> Void in
        ...

Here is the error trace:

2016-04-08 16:22:35.158 Myapp[284:35797] Registration :https://server.mydomain.net:8443/ag-push/
2016-04-08 16:24:23.412 Myapp[284:35797] OK
2016-04-08 16:24:23.419 Myapp[284:35797] _BSMachError: (os/kern) invalid capability (20)
2016-04-08 16:24:23.420 Myapp[284:35797] _BSMachError: (os/kern) invalid name (15)
2016-04-08 16:24:23.553 Myapp[284:35797] OK
2016-04-08 16:24:23.558 Myapp[284:35797] OK
2016-04-08 16:24:23.574 Myapp[284:36046] CFNetwork SSLHandshake failed (-9824)
2016-04-08 16:24:23.615 Myapp[284:36046] CFNetwork SSLHandshake failed (-9824)
2016-04-08 16:24:23.662 Myapp[284:36046] CFNetwork SSLHandshake failed (-9824)
2016-04-08 16:24:23.713 Myapp[284:36046] CFNetwork SSLHandshake failed (-9824)
2016-04-08 16:24:23.716 Myapp[284:36046] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9824)
2016-04-08 16:24:38.229 Myapp[284:35797] Push registration error :Error Domain=NSURLErrorDomain Code=-1200 "Une erreur SSL s’est produite et il est impossible d’établir une connexion sécurisée avec le serveur." UserInfo={_kCFStreamErrorCodeKey=-9824, NSLocalizedRecoverySuggestion=Souhaitez-vous tout de même vous connecter au serveur ?, NSUnderlyingError=0x12cdf9ee0 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9824, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9824}}, NSLocalizedDescription=Une erreur SSL s’est produite et il est impossible d’établir une connexion sécurisée avec le serveur., NSErrorFailingURLKey=https://server.mydomain.net:8443/ag-push/rest/registry/device, NSErrorFailingURLStringKey=https://server.mydomain.net:8443/ag-push/rest/registry/device, _kCFStreamErrorDomainKey=3}

Your API call seems to be blocked by App Transport Security. Try adding the following to your .plist file:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>mydomain.net</key>
        <dict>
            <key>NSExceptionAllowsInsecureHTTPLoads</key>
            <true/>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSExceptionRequiresForwardSecrecy</key>
            <false/>
        </dict>
    </dict>
</dict>