使用自签名根证书的 SSLHandshake 失败 (-9808)
SSLHandshake failed (-9808) with self-signed root certificate
我有带有 REST 的自定义硬件设备 API。设备具有自签名根证书。我正在尝试进行简单的 GET 调用,但我的所有请求都失败了:
CFNetwork SSLHandshake failed (-9808)
NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9808)
更多描述:
CFNetwork SSLHandshake failed (-9808)
NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9808)
Error Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “192.168.68.97” which could put your confidential information at risk." UserInfo={NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0x7fa2fb219530>, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9808, NSErrorPeerCertificateChainKey=<CFArray 0x7fa2fb20ffd0 [0x1016d37b0]>{type = immutable, count = 1, values = (
0 : <cert(0x7fa2f954a2e0) s: selfSignedRootCertificate i: selfSignedRootCertificate>
)}, NSUnderlyingError=0x7fa2fb3018e0 {Error Domain=kCFErrorDomainCFNetwork Code=-1202 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x7fa2fb219530>, _kCFNetworkCFStreamSSLErrorOriginalValue=-9808, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9808, kCFStreamPropertySSLPeerCertificates=<CFArray 0x7fa2fb20ffd0 [0x1016d37b0]>{type = immutable, count = 1, values = (
0 : <cert(0x7fa2f954a2e0) s: selfSignedRootCertificate i: selfSignedRootCertificate>
)}}}, NSLocalizedDescription=The certificate for this server is invalid. You might be connecting to a server that is pretending to be “192.168.68.97” which could put your confidential information at risk., NSErrorFailingURLKey=https://192.168.68.97/api/switch/ctrl?switch=1&action=on, NSErrorFailingURLStringKey=https://192.168.68.97/api/switch/ctrl?switch=1&action=on, NSErrorClientCertificateStateKey=0}
我在 AFHTTPSessionManger 子类中的代码是
NSData *myCertificate = [NSData dataWithContentsOfFile: [[NSBundle mainBundle] pathForResource:@"selfSignedRootCertificate" ofType:@"cer"]];
AFSecurityPolicy *securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModePublicKey];
securityPolicy.validatesDomainName = NO;
securityPolicy.allowInvalidCertificates = YES;
securityPolicy.pinnedCertificates = @[myCertificate];
并且我尝试根据 iOS 9.0
中的更改向 plist 添加异常
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
我不知道我做错了什么。我的观点是将我的自签名根证书固定到应用程序以便能够使用 https 连接。你能帮我告诉我正确的方法吗?
我有 AFNetworking (2.6.1)。
感谢您的帮助!
所以我终于找到了问题的根源。问题出在自定义硬件设备上的 ssl-library 中。在硬件上重新实现后,一切都很好。
我有带有 REST 的自定义硬件设备 API。设备具有自签名根证书。我正在尝试进行简单的 GET 调用,但我的所有请求都失败了:
CFNetwork SSLHandshake failed (-9808)
NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9808)
更多描述:
CFNetwork SSLHandshake failed (-9808)
NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9808)
Error Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “192.168.68.97” which could put your confidential information at risk." UserInfo={NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0x7fa2fb219530>, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9808, NSErrorPeerCertificateChainKey=<CFArray 0x7fa2fb20ffd0 [0x1016d37b0]>{type = immutable, count = 1, values = (
0 : <cert(0x7fa2f954a2e0) s: selfSignedRootCertificate i: selfSignedRootCertificate>
)}, NSUnderlyingError=0x7fa2fb3018e0 {Error Domain=kCFErrorDomainCFNetwork Code=-1202 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x7fa2fb219530>, _kCFNetworkCFStreamSSLErrorOriginalValue=-9808, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9808, kCFStreamPropertySSLPeerCertificates=<CFArray 0x7fa2fb20ffd0 [0x1016d37b0]>{type = immutable, count = 1, values = (
0 : <cert(0x7fa2f954a2e0) s: selfSignedRootCertificate i: selfSignedRootCertificate>
)}}}, NSLocalizedDescription=The certificate for this server is invalid. You might be connecting to a server that is pretending to be “192.168.68.97” which could put your confidential information at risk., NSErrorFailingURLKey=https://192.168.68.97/api/switch/ctrl?switch=1&action=on, NSErrorFailingURLStringKey=https://192.168.68.97/api/switch/ctrl?switch=1&action=on, NSErrorClientCertificateStateKey=0}
我在 AFHTTPSessionManger 子类中的代码是
NSData *myCertificate = [NSData dataWithContentsOfFile: [[NSBundle mainBundle] pathForResource:@"selfSignedRootCertificate" ofType:@"cer"]];
AFSecurityPolicy *securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModePublicKey];
securityPolicy.validatesDomainName = NO;
securityPolicy.allowInvalidCertificates = YES;
securityPolicy.pinnedCertificates = @[myCertificate];
并且我尝试根据 iOS 9.0
中的更改向 plist 添加异常<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
我不知道我做错了什么。我的观点是将我的自签名根证书固定到应用程序以便能够使用 https 连接。你能帮我告诉我正确的方法吗?
我有 AFNetworking (2.6.1)。
感谢您的帮助!
所以我终于找到了问题的根源。问题出在自定义硬件设备上的 ssl-library 中。在硬件上重新实现后,一切都很好。