Alamofire 请求失败,因为证书但在 Postman 上工作
Alamofire fail request because certificate but work on Postman
我在执行一项请求时遇到问题。
使用 Postman 此请求会出现一个警告“证书链中的自签名证书”
如果你想试试这里的卷曲:
curl --location --request GET 'https://app-server.iot.i.tplinknbu.com/v1/server-info' \
--header 'Content-Type: application/json' \
--header 'app-cid: app:TP-Link_Tapo_Android:98-3B-16-96-48-EB' \
--data-raw ''
但是使用 Almofire 或来自 iOS 的默认请求系统失败了:
2020-11-22 23:47:50.192188+0000 App [4483:1574605] Task <E6235AC9-2246-4F32-BB17-CB969F244030>.<2> HTTP load failed, 0/0 bytes (error code: -1200 [3:-9802])
2020-11-22 23:47:50.195117+0000 App[4483:1574592] Task <E6235AC9-2246-4F32-BB17-CB969F244030>.<2> finished with error [-1200] Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, NSErrorPeerCertificateChainKey=(
"<cert(0x151093800) s: *.tplinknbu.com i: TP-LINK CA P1>",
"<cert(0x151094000) s: TP-LINK CA P1 i: tp-link-CA>",
"<cert(0x15106e200) s: tp-link-CA i: tp-link-CA>"
), NSErrorClientCertificateStateKey=0, NSErrorFailingURLKey=https://app-server.iot.i.tplinknbu.com/v1/server-info, NSErrorFailingURLStringKey=https://app-server.iot.i.tplinknbu.com/v1/server-info, NSUnderlyingError=0x282b23e10 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x281760f30>, _kCFNetworkCFStreamSSLErrorOriginalValue=-9802, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9802, kCFStreamPropertySSLPeerCertificates=(
"<cert(0x151093800) s: *.tplinknbu.com i: TP-LINK CA P1>",
"<cert(0x151094000) s: TP-LINK CA P1 i: tp-link-CA>",
"<cert(0x15106e200) s: tp-link-CA i: tp-link-CA>"
)}}, _NSURLErrorRelatedURLSessionTaskErrorKey=(
"LocalDataTask <E6235AC9-2246-4F32-BB17-CB969F244030>.<2>"
), _kCFStreamErrorCodeKey=-9802, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <E6235AC9-2246-4F32-BB17-CB969F244030>.<2>, NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0x281760f30>, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made.}
这是我正在使用的代码:
info.plist:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
<key>NSExceptionMinimumTLSVersion</key>
<string>TLSv1.2</string>
<key>NSThirdPartyExceptionMinimumTLSVersion</key>
<string>TLSv1.2</string>
<key>NSAllowsLocalNetworking</key>
<true/>
</dict>
代码:
let defaultManager: ServerTrustManager = {
let serverTrustPolicies: [String: ServerTrustEvaluating] = [
"tplinknbu.com": DisabledTrustEvaluator(),
"tplinknbu.com:443": DisabledTrustEvaluator()
]
return Alamofire.ServerTrustManager(evaluators: serverTrustPolicies)
}()
let pathURL = URL(string: "https://app-server.iot.i.tplinknbu.com/v1/server-info")
var request = URLRequest(url: pathURL!)
request.setValue("application/json", forHTTPHeaderField: "Content-Type")
request.httpMethod = HTTPMethod.get.rawValue
let dataRequest = Session(serverTrustManager: defaultManager, eventMonitors: [AlamofireLogger()]).request(request).responseJSON {
(response) in
switch response.result {
case .failure(let error):
print(error)
default: break
}
}
我做错了什么?
P.S。如果我使用代理工具 Proxyman 并激活他们在 iPhone 上拥有的 Proxyman 证书,那么在 iOS app
上一切正常
您必须完全匹配您正在使用的主机。也就是说 tplinknbu.com 不匹配 app-server.iot.i.tplinknbu.com。您还应该调查直接看到的错误,因为它们可能包含有用的信息。
就像@Shivam Gaur 所说的那样,您不应该像那样内联创建 Session 实例。您需要以类似单例的方式使它们的引用保持活动状态,以便请求可以完成。
我在执行一项请求时遇到问题。
使用 Postman 此请求会出现一个警告“证书链中的自签名证书”
如果你想试试这里的卷曲:
curl --location --request GET 'https://app-server.iot.i.tplinknbu.com/v1/server-info' \
--header 'Content-Type: application/json' \
--header 'app-cid: app:TP-Link_Tapo_Android:98-3B-16-96-48-EB' \
--data-raw ''
但是使用 Almofire 或来自 iOS 的默认请求系统失败了:
2020-11-22 23:47:50.192188+0000 App [4483:1574605] Task <E6235AC9-2246-4F32-BB17-CB969F244030>.<2> HTTP load failed, 0/0 bytes (error code: -1200 [3:-9802])
2020-11-22 23:47:50.195117+0000 App[4483:1574592] Task <E6235AC9-2246-4F32-BB17-CB969F244030>.<2> finished with error [-1200] Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, NSErrorPeerCertificateChainKey=(
"<cert(0x151093800) s: *.tplinknbu.com i: TP-LINK CA P1>",
"<cert(0x151094000) s: TP-LINK CA P1 i: tp-link-CA>",
"<cert(0x15106e200) s: tp-link-CA i: tp-link-CA>"
), NSErrorClientCertificateStateKey=0, NSErrorFailingURLKey=https://app-server.iot.i.tplinknbu.com/v1/server-info, NSErrorFailingURLStringKey=https://app-server.iot.i.tplinknbu.com/v1/server-info, NSUnderlyingError=0x282b23e10 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x281760f30>, _kCFNetworkCFStreamSSLErrorOriginalValue=-9802, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9802, kCFStreamPropertySSLPeerCertificates=(
"<cert(0x151093800) s: *.tplinknbu.com i: TP-LINK CA P1>",
"<cert(0x151094000) s: TP-LINK CA P1 i: tp-link-CA>",
"<cert(0x15106e200) s: tp-link-CA i: tp-link-CA>"
)}}, _NSURLErrorRelatedURLSessionTaskErrorKey=(
"LocalDataTask <E6235AC9-2246-4F32-BB17-CB969F244030>.<2>"
), _kCFStreamErrorCodeKey=-9802, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <E6235AC9-2246-4F32-BB17-CB969F244030>.<2>, NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0x281760f30>, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made.}
这是我正在使用的代码:
info.plist:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
<key>NSExceptionMinimumTLSVersion</key>
<string>TLSv1.2</string>
<key>NSThirdPartyExceptionMinimumTLSVersion</key>
<string>TLSv1.2</string>
<key>NSAllowsLocalNetworking</key>
<true/>
</dict>
代码:
let defaultManager: ServerTrustManager = {
let serverTrustPolicies: [String: ServerTrustEvaluating] = [
"tplinknbu.com": DisabledTrustEvaluator(),
"tplinknbu.com:443": DisabledTrustEvaluator()
]
return Alamofire.ServerTrustManager(evaluators: serverTrustPolicies)
}()
let pathURL = URL(string: "https://app-server.iot.i.tplinknbu.com/v1/server-info")
var request = URLRequest(url: pathURL!)
request.setValue("application/json", forHTTPHeaderField: "Content-Type")
request.httpMethod = HTTPMethod.get.rawValue
let dataRequest = Session(serverTrustManager: defaultManager, eventMonitors: [AlamofireLogger()]).request(request).responseJSON {
(response) in
switch response.result {
case .failure(let error):
print(error)
default: break
}
}
我做错了什么?
P.S。如果我使用代理工具 Proxyman 并激活他们在 iPhone 上拥有的 Proxyman 证书,那么在 iOS app
上一切正常您必须完全匹配您正在使用的主机。也就是说 tplinknbu.com 不匹配 app-server.iot.i.tplinknbu.com。您还应该调查直接看到的错误,因为它们可能包含有用的信息。
就像@Shivam Gaur 所说的那样,您不应该像那样内联创建 Session 实例。您需要以类似单例的方式使它们的引用保持活动状态,以便请求可以完成。