Alamofire 4.0.1 SSL 请求失败(无法与服务器建立安全连接)
Alamofire 4.0.1 SSL Requests Failing (secure connection to the server cannot be made)
我是 Alamofire 的新手,但这应该非常简单,我不确定为什么我会 运行 遇到问题。
我正在使用 XCode8、Swift3 和 Alamofire 4.0.1,并为 iOS9.
构建
我正在访问的 URL 受到从 GoDaddy 获得的全新证书的保护。 Chrome 和 Safari 都可以在我的 MacBookPo 上加载安全站点,一切看起来都很好。
然而如下代码:
Alamofire.request(buildRequestString().addingPercentEncoding(withAllowedCharacters: NSCharacterSet.urlQueryAllowed)! ).validate().responseJSON { response in
switch response.result {
case .success(let data):
print(JSON(data))
case .failure(let error):
print(error)
}
}
导致以下错误:(不是出于安全原因我已经更换了我的 address/domain)
[] nw_coretls_read_one_record tls_handshake_process: [-9801]
[] nw_endpoint_flow_protocol_error [1.1 12.345.67.890:443 in_progress socket-flow (satisfied)] TLS protocol sent error: [-9801]
[] nw_endpoint_flow_protocol_disconnected [1.1 12.345.67.890:443 in_progress socket-flow (satisfied)] Output protocol disconnected
[] nw_endpoint_resolver_receive_report [1 sub.domain.ext:443 in_progress resolver (satisfied)] received child report:[1.1 12.345.67.890:443 failed socket-flow (satisfied)]
[] nw_connection_endpoint_report [1.1 12.345.67.890:443 failed socket-flow (satisfied)] reported event flow:failed_connect, error Error Domain=kNWErrorDomainTLS Code=-9801 "Security Error: -9801" UserInfo={NSDescription=Security Error: -9801}
[] nw_connection_endpoint_report [1 sub.domain.ext:443 failed resolver (satisfied)] reported event flow:failed_connect
[] __tcp_connection_start_block_invoke 1 sending event TCP_CONNECTION_EVENT_DISCONNECTED in response to state failed and error Error Domain=kNWErrorDomainTLS Code=-9801 "Security Error: -9801" UserInfo={NSDescription=Security Error: -9801}
[] tcp_connection_event_notify 1 event: TCP_CONNECTION_EVENT_DISCONNECTED, reason: nw_connection event, should deliver: true
[] tcp_connection_cancel 1
[] nw_endpoint_handler_cancel [1 sub.domain.ext:443 failed resolver (satisfied)]
NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9801)
[] nw_endpoint_handler_cancel [1.1 12.345.67.890:443 failed socket-flow (satisfied)]
[] nw_resolver_cancel_on_queue 0x600000101b00
[] -[NWConcrete_tcp_connection dealloc] 1
Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={_kCFStreamErrorCodeKey=-9801, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSUnderlyingError=0x608000046e70 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9801, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9801}}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https://sub.domain.ext/api/v1/Assignment?query=%22%22&device=%22%22, NSErrorFailingURLStringKey=https://sub.domain.ext/api/v1/Assignment?query=%22%22&device=%22%22, _kCFStreamErrorDomainKey=3}
谁能告诉我为什么会出现此错误?看起来好像该站点不受信任,即使存在有效的证书也是如此。我需要调整 XCode 中的任何其他设置以允许此连接吗? Alamofire 文档似乎表明上面的代码是必要的。
总结评论,@OP 的网站不符合 Apple 的 iOS ATS 要求。当使用 SSL Labs, the site scored an F and indicated lack of support for TLS. While bypassing ATS could have been an option, the server's TLS configuration was improved using the IIS Crypto tool as described at https://scotthelme.co.uk/getting-an-a-on-the-qualys-ssl-test-windows-edition/
进行测试时
注意:请勿设置严格的传输安全而不知道它的作用。
这解决了问题。
我是 Alamofire 的新手,但这应该非常简单,我不确定为什么我会 运行 遇到问题。
我正在使用 XCode8、Swift3 和 Alamofire 4.0.1,并为 iOS9.
构建我正在访问的 URL 受到从 GoDaddy 获得的全新证书的保护。 Chrome 和 Safari 都可以在我的 MacBookPo 上加载安全站点,一切看起来都很好。
然而如下代码:
Alamofire.request(buildRequestString().addingPercentEncoding(withAllowedCharacters: NSCharacterSet.urlQueryAllowed)! ).validate().responseJSON { response in
switch response.result {
case .success(let data):
print(JSON(data))
case .failure(let error):
print(error)
}
}
导致以下错误:(不是出于安全原因我已经更换了我的 address/domain)
[] nw_coretls_read_one_record tls_handshake_process: [-9801]
[] nw_endpoint_flow_protocol_error [1.1 12.345.67.890:443 in_progress socket-flow (satisfied)] TLS protocol sent error: [-9801]
[] nw_endpoint_flow_protocol_disconnected [1.1 12.345.67.890:443 in_progress socket-flow (satisfied)] Output protocol disconnected
[] nw_endpoint_resolver_receive_report [1 sub.domain.ext:443 in_progress resolver (satisfied)] received child report:[1.1 12.345.67.890:443 failed socket-flow (satisfied)]
[] nw_connection_endpoint_report [1.1 12.345.67.890:443 failed socket-flow (satisfied)] reported event flow:failed_connect, error Error Domain=kNWErrorDomainTLS Code=-9801 "Security Error: -9801" UserInfo={NSDescription=Security Error: -9801}
[] nw_connection_endpoint_report [1 sub.domain.ext:443 failed resolver (satisfied)] reported event flow:failed_connect
[] __tcp_connection_start_block_invoke 1 sending event TCP_CONNECTION_EVENT_DISCONNECTED in response to state failed and error Error Domain=kNWErrorDomainTLS Code=-9801 "Security Error: -9801" UserInfo={NSDescription=Security Error: -9801}
[] tcp_connection_event_notify 1 event: TCP_CONNECTION_EVENT_DISCONNECTED, reason: nw_connection event, should deliver: true
[] tcp_connection_cancel 1
[] nw_endpoint_handler_cancel [1 sub.domain.ext:443 failed resolver (satisfied)]
NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9801)
[] nw_endpoint_handler_cancel [1.1 12.345.67.890:443 failed socket-flow (satisfied)]
[] nw_resolver_cancel_on_queue 0x600000101b00
[] -[NWConcrete_tcp_connection dealloc] 1
Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={_kCFStreamErrorCodeKey=-9801, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSUnderlyingError=0x608000046e70 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9801, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9801}}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https://sub.domain.ext/api/v1/Assignment?query=%22%22&device=%22%22, NSErrorFailingURLStringKey=https://sub.domain.ext/api/v1/Assignment?query=%22%22&device=%22%22, _kCFStreamErrorDomainKey=3}
谁能告诉我为什么会出现此错误?看起来好像该站点不受信任,即使存在有效的证书也是如此。我需要调整 XCode 中的任何其他设置以允许此连接吗? Alamofire 文档似乎表明上面的代码是必要的。
总结评论,@OP 的网站不符合 Apple 的 iOS ATS 要求。当使用 SSL Labs, the site scored an F and indicated lack of support for TLS. While bypassing ATS could have been an option, the server's TLS configuration was improved using the IIS Crypto tool as described at https://scotthelme.co.uk/getting-an-a-on-the-qualys-ssl-test-windows-edition/
进行测试时注意:请勿设置严格的传输安全而不知道它的作用。
这解决了问题。