无法建立安全连接
Secure connection can't be made
使用: Alamofire 5, self-signed certificate.
证书存储在应用程序资源中
AlamofireExtension(Bundle.main).certificates - returns 它。
会话:
private let session: Session = {
let manager = ServerTrustManager(evaluators: ["com.my.host.here": PinnedCertificatesTrustEvaluator(certificates: AlamofireExtension(Bundle.main).certificates, acceptSelfSignedCertificates: true, performDefaultValidation: false, validateHost: false)])
let config = URLSessionConfiguration.default
config.timeoutIntervalForRequest = 60
config.timeoutIntervalForResource = 60
config.httpMaximumConnectionsPerHost = 2
return Session(configuration: config, serverTrustManager: manager)
}()
.plist配置:
目的 是使用自签名证书来验证服务器而不禁用验证并允许不安全的连接。
注意 com.my.host.here 不是我的真实主机名,出于隐私原因我更改了它。
结果如下:
Task <715E277D-6BAA-4926-91AA-1060903D2924>.<1> HTTP load failed, 0/0 bytes (error code: -1200 [3:-9802])
my_app[12152:5481718] Task <715E277D-6BAA-4926-91AA-1060903D2924>.<1> finished with error [-1200] Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, NSErrorPeerCertificateChainKey=(
"<cert(0x160039a00) s: com.my.host.here i: com.my.host.here>"
), NSErrorClientCertificateStateKey=0, NSErrorFailingURLKey=https://com.my.host.here:8043/some_end_point_here, NSErrorFailingURLStringKey=https://com.my.host.here:8043/some_end_point_here, NSUnderlyingError=0x281354870 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x282f35320>, _kCFNetworkCFStreamSSLErrorOriginalValue=-9802, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9802, kCFStreamPropertySSLPeerCertificates=(
"<cert(0x160039a00) s: com.my.host.here i: com.my.host.here>"
)}}, _NSURLErrorRelatedURLSessionTaskErrorKey=(
"LocalDataTask <715E277D-6BAA-4926-91AA-1060903D2924>.<1>"
), _kCFStreamErrorCodeKey=-9802, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <715E277D-6BAA-4926-91AA-1060903D2924>.<1>, NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0x282f35320>, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made.}
问题是:问题是什么?是证书问题还是服务器端设置问题?也许还有别的东西?
您需要将 NSExceptionAllowsInsecureHTTPLoads 更改为 YES。
NSExceptionAllowsInsecureHTTPLoads
Set the value for this key to YES to allow insecure HTTP loads for the given domain, or to be able
to loosen the server trust evaluation requirements for HTTPS
connections to the domain, as described in Performing Manual Server
Trust Authentication.
使用: Alamofire 5, self-signed certificate.
证书存储在应用程序资源中
AlamofireExtension(Bundle.main).certificates - returns 它。
会话:
private let session: Session = {
let manager = ServerTrustManager(evaluators: ["com.my.host.here": PinnedCertificatesTrustEvaluator(certificates: AlamofireExtension(Bundle.main).certificates, acceptSelfSignedCertificates: true, performDefaultValidation: false, validateHost: false)])
let config = URLSessionConfiguration.default
config.timeoutIntervalForRequest = 60
config.timeoutIntervalForResource = 60
config.httpMaximumConnectionsPerHost = 2
return Session(configuration: config, serverTrustManager: manager)
}()
.plist配置:
目的 是使用自签名证书来验证服务器而不禁用验证并允许不安全的连接。
注意 com.my.host.here 不是我的真实主机名,出于隐私原因我更改了它。
结果如下:
Task <715E277D-6BAA-4926-91AA-1060903D2924>.<1> HTTP load failed, 0/0 bytes (error code: -1200 [3:-9802])
my_app[12152:5481718] Task <715E277D-6BAA-4926-91AA-1060903D2924>.<1> finished with error [-1200] Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, NSErrorPeerCertificateChainKey=(
"<cert(0x160039a00) s: com.my.host.here i: com.my.host.here>"
), NSErrorClientCertificateStateKey=0, NSErrorFailingURLKey=https://com.my.host.here:8043/some_end_point_here, NSErrorFailingURLStringKey=https://com.my.host.here:8043/some_end_point_here, NSUnderlyingError=0x281354870 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x282f35320>, _kCFNetworkCFStreamSSLErrorOriginalValue=-9802, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9802, kCFStreamPropertySSLPeerCertificates=(
"<cert(0x160039a00) s: com.my.host.here i: com.my.host.here>"
)}}, _NSURLErrorRelatedURLSessionTaskErrorKey=(
"LocalDataTask <715E277D-6BAA-4926-91AA-1060903D2924>.<1>"
), _kCFStreamErrorCodeKey=-9802, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <715E277D-6BAA-4926-91AA-1060903D2924>.<1>, NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0x282f35320>, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made.}
问题是:问题是什么?是证书问题还是服务器端设置问题?也许还有别的东西?
您需要将 NSExceptionAllowsInsecureHTTPLoads 更改为 YES。
NSExceptionAllowsInsecureHTTPLoads
Set the value for this key to YES to allow insecure HTTP loads for the given domain, or to be able to loosen the server trust evaluation requirements for HTTPS connections to the domain, as described in Performing Manual Server Trust Authentication.