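So far I have tried every solution I have seen, and nothing has worked.
As I understand it, putting Allow Arbitrary Loads = YES in the App Transport Security Settings of my info.plist file should turn off all of ATS.
Even so, I get NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813)
If I check my server: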
nscurl -ats-diagnostics --verbose https://apps-test.mydomain.com
All tests pass!
If I try to check my server setup with TLSTool, I get the following:
mac08:bin brent$ TLSTool s_client -connect apps-test.mydomain.com:443
* input stream did open
* output stream did open
* output stream has space
* protocol: TLS 1.2
* cipher: RSA_WITH_AES_256_GCM_SHA384
* trust result: unspecified
* certificate info:
* 0 rsaEncryption 2048 sha256-with-rsa-signature '*.mydomain.com'
* 1 rsaEncryption 2048 sha256-with-rsa-signature 'Go Daddy Secure Certificate Authority - G2'
* 2 rsaEncryption 2048 sha256-with-rsa-signature 'Go Daddy Root Certificate Authority - G2'
I wrote a simple iOS app that just tries to do the following at runtime...
NSString *url = @"https://apps-test.cticore.com/Home";
NSURLRequest *request = [NSURLRequest requestWithURL:[NSURL URLWithString:url]];
NSURLConnection *conn = [NSURLConnection connectionWithRequest:request delegate:self];
I set the App Transport Security Settings to Allow Arbitrary Loads = YES
I also turned on NSURLConnection debugging. It gave me the following:
Feb 1 08:24:09 SSLTest[70323] <Notice>: CFNetwork Diagnostics [1:1] 08:24:09.547 {
LoaderWhatToDo
Request: <CFURL 0x7cb74030 [0xd25098]>{string = https://apps-test.MyDomain.com/Home, encoding = 134217984, base = (null)}
CachePolicy: 0
WhatToDo: originload
CreateToNow: 0.00942s
} [1:1]
Feb 1 08:24:09 SSLTest[70323] <Notice>: CFNetwork Diagnostics [1:2] 08:24:09.549 {
AddCookies Continue: request GET https://apps-test.MyDomain.com/Home HTTP/1.1
HTTPProtocol: Task: 7c87a8c0
} [1:2]
Feb 1 08:24:09 SSLTest[70323] <Notice>: CFNetwork Diagnostics [1:3] 08:24:09.550 {
DiskCookieStorage Construction: Binary{ Disk Cookies: { /Users/brent/Library/Developer/CoreSimulator/Devices/013D0A33-776E-4E2A-9C55-304C7D907E9B/data/Containers/Data/Application/0D457292-BD0C-4F46-B141-6E600FF618ED/Library/Cookies/com.MyDomain.gas2.SSLTest.binarycookies, <0 cookies in 0 domains> clean not writing } }
Accessing: <CFURL 0x7cb6b700 [0xd25098]>{string = file:///Users/brent/Library/Developer/CoreSimulator/Devices/013D0A33-776E-4E2A-9C55-304C7D907E9B/data/Containers/Data/Application/0D457292-BD0C-4F46-B141-6E600FF618ED/Library/Cookies/com.MyDomain.gas2.SSLTest.binarycookies, encoding = 134217984, base = (null)}
Path: /Users/brent/Library/Developer/CoreSimulator/Devices/013D0A33-776E-4E2A-9C55-304C7D907E9B/data/Containers/Data/Application/0D457292-BD0C-4F46-B141-6E600FF618ED/Library/Cookies/com.MyDomain.gas2.SSLTest.binarycookies
Read from disk: <0 cookies in 0 domains>
Dirty: NO
Writing: NO
Policy: 2
} [1:3]
Feb 1 08:24:09 SSLTest[70323] <Notice>: CFNetwork Diagnostics [1:4] 08:24:09.550 {
DiskCookieStorage Journaling On: Binary{ Disk Cookies: { /Users/brent/Library/Developer/CoreSimulator/Devices/013D0A33-776E-4E2A-9C55-304C7D907E9B/data/Containers/Data/Application/0D457292-BD0C-4F46-B141-6E600FF618ED/Library/Cookies/com.MyDomain.gas2.SSLTest.binarycookies, <0 cookies in 0 domains> clean not writing } }
File: <CFURL 0x7be766e0 [0xd25098]>{string = file:///Users/brent/Library/Developer/CoreSimulator/Devices/013D0A33-776E-4E2A-9C55-304C7D907E9B/data/Containers/Data/Application/0D457292-BD0C-4F46-B141-6E600FF618ED/Library/Cookies/com.MyDomain.gas2.SSLTest.binarycookies, encoding = 134217984, base = (null)}
} [1:4]
Feb 1 08:24:09 SSLTest[70323] <Notice>: CFNetwork Diagnostics [1:5] 08:24:09.550 {
Protocol Enqueue: request GET https://apps-test.MyDomain.com/Home HTTP/1.1
Request: <CFURLRequest 0x7cb63780 [0xd25098]> {url = https://apps-test.MyDomain.com/Home, cs = 0x0}
Message: GET https://apps-test.MyDomain.com/Home HTTP/1.1
} [1:5]
Feb 1 08:24:09 SSLTest[70323] <Notice>: CFNetwork Diagnostics [1:6] 08:24:09.961 {
Client Cert Requested
} [1:6]
Feb 1 08:24:09 SSLTest[70323] <Notice>: CFNetwork Diagnostics [1:7] 08:24:09.961 {
Authentication Challenge
Loader: <CFURLRequest 0x7c878af0 [0xd25098]> {url = https://apps-test.MyDomain.com/Home, cs = 0x0}
Challenge: challenge space https://apps-test.MyDomain.com:443/, ClientCertificateRequested (Hash 9b9ca083)
} [1:7]
Feb 1 08:24:09 SSLTest[70323] <Notice>: CFNetwork Diagnostics [1:8] 08:24:09.961 {
Use Credential
Loader: <CFURLRequest 0x7c878af0 [0xd25098]> {url = https://apps-test.MyDomain.com/Home, cs = 0x0}
Credential: null
} [1:8]
Feb 1 08:24:09 SSLTest[70323] <Notice>: CFNetwork Diagnostics [1:9] 08:24:09.962 {
touchConnection
Loader: <CFURLRequest 0x7c878af0 [0xd25098]> {url = https://apps-test.MyDomain.com/Home, cs = 0x0}
Timeout Interval: 60.000 seconds
} [1:9]
Feb 1 08:24:10 SSLTest[70323] <Notice>: CFNetwork Diagnostics [1:10] 08:24:09.962 {
Peer certificate
Subject Sum: *.MyDomain.com
Summary: Go Daddy Secure Certificate Authority - G2
} [1:10]
Feb 1 08:24:10 SSLTest[70323] <Notice>: CFNetwork Diagnostics [1:11] 08:24:10.072 {
Authentication Challenge
Loader: <CFURLRequest 0x7c878af0 [0xd25098]> {url = https://apps-test.MyDomain.com/Home, cs = 0x0}
Challenge: challenge space https://apps-test.MyDomain.com:443/, ServerTrustEvaluationRequested (Hash 9b9ca083)
} [1:11]
Feb 1 08:24:10 SSLTest[70323] <Notice>: CFNetwork Diagnostics [1:12] 08:24:10.072 {
Use Credential
Loader: <CFURLRequest 0x7c878af0 [0xd25098]> {url = https://apps-test.MyDomain.com/Home, cs = 0x0}
Credential: null
} [1:12]
Feb 1 08:24:10 SSLTest[70323] <Notice>: CFNetwork Diagnostics [1:13] 08:24:10.072 {
touchConnection
Loader: <CFURLRequest 0x7c878af0 [0xd25098]> {url = https://apps-test.MyDomain.com/Home, cs = 0x0}
Timeout Interval: 60.000 seconds
} [1:13]
Feb 1 08:24:10 SSLTest[70323] <Notice>: CFNetwork Diagnostics [1:14] 08:24:10.073 {
Response Error
Request: <CFURLRequest 0x7cb63780 [0xd25098]> {url = https://apps-test.MyDomain.com/Home, cs = 0x0}
Error: Error Domain=kCFErrorDomainCFNetwork Code=-1202 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=1, _kCFNetworkCFStreamSSLErrorOriginalValue=-9813, _kCFStreamErrorCodeKey=-9813, _kCFStreamErrorDomainKey=3, kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x7e173fa0>, kCFStreamPropertySSLPeerCertificates=<CFArray 0x7c96a670 [0xd25098]>{type = immutable, count = 1, values = (
0 : <cert(0x7cb624b0) s: *.MyDomain.com i: Go Daddy Secure Certificate Authority - G2>
)}}
} [1:14]
Feb 1 08:24:10 SSLTest[70323] <Notice>: CFNetwork Diagnostics [1:15] 08:24:10.074 {
Did Fail
Loader: <CFURLRequest 0x7c878af0 [0xd25098]> {url = https://apps-test.MyDomain.com/Home, cs = 0x0}
Error: Error Domain=kCFErrorDomainCFNetwork Code=-1202 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=1, _kCFNetworkCFStreamSSLErrorOriginalValue=-9813, _kCFStreamErrorCodeKey=-9813, _kCFStreamErrorDomainKey=3, kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x7e173fa0>, kCFStreamPropertySSLPeerCertificates=<CFArray 0x7c96a670 [0xd25098]>{type = immutable, count = 1, values = (
0 : <cert(0x7cb624b0) s: *.MyDomain.com i: Go Daddy Secure Certificate Authority - G2>
)}}
init to origin load: 0.010781s
total time: 0.53556s
total bytes: 0
} [1:15]
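I can see that it is failing, but I can't figure out what I can do to make it not fail!
Shouldn't turning off all of ATS let anything through?
Is all of this because our Go Daddy certificate isn't using the right ciphers?
Why do all the TLS checks pass from the command line on my Mac, yet I can't connect when running through my super simple app?
I realize this is a long post, but I have tried everything I could find to solve this and nothing has worked. Help.
Update:
If I allow arbitrary loads and add the following to my NSURLSessionDelegate, I can get my Swift sample to work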
func URLSession(session: NSURLSession, didReceiveChallenge challenge: NSURLAuthenticationChallenge, completionHandler: (NSURLSessionAuthChallengeDisposition, NSURLCredential?) -> Void) {
    var disposition: NSURLSessionAuthChallengeDisposition = .PerformDefaultHandling
    var credential: NSURLCredential?
    if challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust {
        // Uses the server's trust object as the credential without evaluating it,
        // so whatever certificate the server presents is accepted.
        disposition = NSURLSessionAuthChallengeDisposition.UseCredential
        credential = NSURLCredential(forTrust: challenge.protectionSpace.serverTrust!)
    } else {
        if challenge.previousFailureCount > 0 {
            // A credential was already tried and rejected: stop retrying.
            disposition = .CancelAuthenticationChallenge
        } else {
            // Fall back to a stored default credential, if one exists.
            credential = session.configuration.URLCredentialStorage?.defaultCredentialForProtectionSpace(challenge.protectionSpace)
            if credential != nil {
                disposition = .UseCredential
            }
        }
    }
    completionHandler(disposition, credential)
}
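However, this solution is not ideal, because I want ATS to work properly with my existing server.
Does anyone know what steps actually fix the problem on my server side so that ATS works properly?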
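
An added example, not part of the original post: this Python script compares the certificate chain TLSTool printed on the Mac with the peer certificates recorded in the app's CFNetwork log, and names the SecureTransport status code from the failure. The two sample strings are constructed by abridging the post's own listings, and the function and pattern names are assumptions of this example.

```python
import re

# SecureTransport status codes, as named in Apple's SecureTransport.h.
SSL_ERRORS = {-9807: "errSSLXCertChainInvalid", -9812: "errSSLUnknownRootCert",
              -9813: "errSSLNoRootCert", -9814: "errSSLCertExpired"}

# Constructed samples, abridged from the two listings in the post.
TLSTOOL_OUT = """\
* trust result: unspecified
* certificate info:
* 0 rsaEncryption 2048 sha256-with-rsa-signature '*.mydomain.com'
* 1 rsaEncryption 2048 sha256-with-rsa-signature 'Go Daddy Secure Certificate Authority - G2'
* 2 rsaEncryption 2048 sha256-with-rsa-signature 'Go Daddy Root Certificate Authority - G2'
"""
APP_LOG = """\
Error: Error Domain=kCFErrorDomainCFNetwork Code=-1202 "(null)" UserInfo={_kCFStreamErrorCodeKey=-9813, kCFStreamPropertySSLPeerCertificates=<CFArray 0x7c96a670 [0xd25098]>{type = immutable, count = 1, values = (
0 : <cert(0x7cb624b0) s: *.MyDomain.com i: Go Daddy Secure Certificate Authority - G2>
)}}
"""

TOOL_CERT = re.compile(r"^\* \d+ \S+ \d+ \S+ '(.+)'$", re.M)
LOG_CERT = re.compile(r"<cert\(0x[0-9a-f]+\) s: (.+?) i: (.+?)>")
LOG_CODE = re.compile(r"_kCFStreamErrorCodeKey=(-?\d+)")


def compare_chains(tlstool_out, app_log):
    """Compare the chain TLSTool listed with the peer certificates in the app log."""
    tool_chain = TOOL_CERT.findall(tlstool_out)
    peer = LOG_CERT.findall(app_log)  # [(subject, issuer), ...] in log order
    peer_subjects = {s.lower() for s, _ in peer}
    match = LOG_CODE.search(app_log)
    code = int(match.group(1)) if match else None
    return {
        "error": SSL_ERRORS.get(code, str(code)),
        "peer_count": len(peer),
        # Listed by TLSTool but not among the certificates the app logged.
        "absent_from_app": [n for n in tool_chain if n.lower() not in peer_subjects],
        # Issuers the app's list refers to without containing their certificate.
        "unresolved_issuers": [i for s, i in peer
                               if i.lower() != s.lower() and i.lower() not in peer_subjects],
    }


if __name__ == "__main__":
    for key, value in compare_chains(TLSTOOL_OUT, APP_LOG).items():
        print(f"{key}: {value}")
```

On the post's data this reports errSSLNoRootCert with a single peer certificate, and both Go Daddy CA certificates appear only in the TLSTool listing.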