4

我正在使用 ASIHTTPRequest v1.8.1 发出 HTTPS 请求。问题是它在 iOS 5.0 和 5.0.1 上不起作用,而在 5.1 和 5.1.1 上却可以正常工作。代码很简单:

__block ASIFormDataRequest *request = [ASIFormDataRequest requestWithURL:[NSURL URLWithString:RemoteNotiURL]];
[request setPostValue:@"i" forKey:@"plat"];
[request setPostValue:token forKey:@"token"];
[request setValidatesSecureCertificate:NO];

[request setCompletionBlock:^{
    NSLog(@"done");
}];

[request setFailedBlock:^{
    NSLog(@"error = %@", [request error]);

}];

[request startAsynchronous];

RemoteNotiURL是一个类似https://xxx.example.com的 URL

错误是:

error = Error Domain=ASIHTTPRequestErrorDomain Code=1 "A connection failure occurred: SSL problem (Possible causes may include a bad/expired/self-signed certificate, clock set to wrong date)" UserInfo=0x18460b0 {NSUnderlyingError=0x1853ab0 "The operation couldn’t be completed. (OSStatus error -9800.)", NSLocalizedDescription=A connection failure occurred: SSL problem (Possible causes may include a bad/expired/self-signed certificate, clock set to wrong date)}

我能做些什么呢?

4

1 回答 1

13

正如@JosephH 所说,解决方案涉及修改 ASIHTTPRequest.m 以更改 sslProperties 字典的 kCFStreamSSLLevel 属性。在这个文件中寻找评论// Tell CFNetwork not to validate SSL certificates

在此评论下有一个 if 子句

if (![self validatesSecureCertificate]) {
        // see: http://iphonedevelopment.blogspot.com/2010/05/nsstream-tcp-and-ssl.html

        NSDictionary *sslProperties = [[NSDictionary alloc] initWithObjectsAndKeys:
                                       [NSNumber numberWithBool:YES], kCFStreamSSLAllowsExpiredCertificates,
                                       [NSNumber numberWithBool:YES], kCFStreamSSLAllowsAnyRoot,
                                       [NSNumber numberWithBool:NO],  kCFStreamSSLValidatesCertificateChain,
                                       kCFNull,kCFStreamSSLPeerName,
                                       nil];

        CFReadStreamSetProperty((CFReadStreamRef)[self readStream], 
                                kCFStreamPropertySSLSettings, 
                                (CFTypeRef)sslProperties);
        [sslProperties release];
    }

像这样修改 if 子句

if (![self validatesSecureCertificate]) {
        // see: http://iphonedevelopment.blogspot.com/2010/05/nsstream-tcp-and-ssl.html

        NSDictionary *sslProperties = [[NSDictionary alloc] initWithObjectsAndKeys:
                                       [NSNumber numberWithBool:YES], kCFStreamSSLAllowsExpiredCertificates,
                                       [NSNumber numberWithBool:YES], kCFStreamSSLAllowsAnyRoot,
                                       [NSNumber numberWithBool:NO],  kCFStreamSSLValidatesCertificateChain,
                                       kCFNull,kCFStreamSSLPeerName,
                                       @"kCFStreamSocketSecurityLevelTLSv1_0SSLv3", kCFStreamSSLLevel,
                                       nil];

        CFReadStreamSetProperty((CFReadStreamRef)[self readStream], 
                                kCFStreamPropertySSLSettings, 
                                (CFTypeRef)sslProperties);
        [sslProperties release];
    }else {
        NSDictionary *sslProperties = [[NSDictionary alloc] initWithObjectsAndKeys:
                                       [NSNumber numberWithBool:NO], kCFStreamSSLAllowsExpiredCertificates,
                                       [NSNumber numberWithBool:NO], kCFStreamSSLAllowsAnyRoot,
                                       [NSNumber numberWithBool:YES],  kCFStreamSSLValidatesCertificateChain,
                                       @"kCFStreamSocketSecurityLevelTLSv1_0SSLv3", kCFStreamSSLLevel,
                                       nil];

        CFReadStreamSetProperty((CFReadStreamRef)[self readStream], 
                                kCFStreamPropertySSLSettings, 
                                (CFTypeRef)sslProperties);
        [sslProperties release];
    }

这应该使请求再次起作用。验证 SSL 证书的请求和不验证它们的请求。

在 IOS 5.0.1 和 5.1.1 上测试。

希望这可以帮助。

于 2012-05-31T06:37:10.930 回答