Unable to trust a self signed certificate on iphon

2019-02-13 10:57发布

I am currently trying to connect to a server with a self signed certificate. I am using NSURLConnection to connect to the server. How can I make sure that I only trust the right server and cancel all other connections? I am using the following code

- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {  

    SecTrustResultType results;
    SecTrustRef trust = [[challenge protectionSpace] serverTrust];

    SecTrustEvaluate(trust, &results);

    if (results == kSecTrustResultProceed || results == kSecTrustResultConfirm) {
        [challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge];
    } else {
        [challenge.sender cancelAuthenticationChallenge:challenge];
    }

}

Currently SecTrustEvaluate always returns with results equal to kSecTrustResultRecoverableTrustFailure. I have installed a configuration profile with the certificate on the phone using the iphone configuration utility and it is marked as verified but it did not change the results.

Can anyone help me get a trust result of either kSecTrustResultProceed or kSecTrustResultConfirm for a self signed certificate?

标签： iphone objective-c cocoa-touch ssl https

1条回答

男人必须洒脱

2楼-- · 2019-02-13 11:19

You'll need to make sure that your certificate has certain extensions. I configured a certificate with the following extensions, and it worked for me (OpenSSL format):

basicConstraints=critical,CA:FALSE
extendedKeyUsage=serverAuth
subjectAltName=IP:192.168.x.y

0人赞添加讨论(0) 举报

Unable to trust a self signed certificate on iphon

采纳回答

编辑标签

举报内容

检举类型

检举原因

检举说明(必填)

打开微信“扫一扫”，打开网页后点击屏幕右上角分享按钮

付费偷看金额在0.1-10元之间