美文网首页iOS技术专题
AFNetworking 3.0 https请求忽略证书验证并添

AFNetworking 3.0 https请求忽略证书验证并添

作者: BobNee | 来源:发表于2016-08-29 13:51 被阅读696次
    1、修改AFNetworking中修改源码,在AFSecurityPolicy.m注释掉这几句
    - (BOOL)evaluateServerTrust:(SecTrustRef)serverTrust  
                      forDomain:(NSString *)domain  
    {  
    //    if (domain && self.allowInvalidCertificates && self.validatesDomainName && (self.SSLPinningMode == GMAFSSLPinningModeNone || [self.pinnedCertificates count] == 0)) {  
    //        // https://developer.apple.com/library/mac/documentation/NetworkingInternet/Conceptual/NetworkingTopics/Articles/OverridingSSLChainValidationCorrectly.html  
    //        //  According to the docs, you should only trust your provided certs for evaluation.  
    //        //  Pinned certificates are added to the trust. Without pinned certificates,  
    //        //  there is nothing to evaluate against.  
    //        //  
    //        //  From Apple Docs:  
    //        //          "Do not implicitly trust self-signed certificates as anchors (kSecTrustOptionImplicitAnchors).  
    //        //           Instead, add your own (self-signed) CA certificate to the list of trusted anchors."  
    //        NSLog(@"In order to validate a domain name for self signed certificates, you MUST use pinning.");  
    //        return NO;  
    //    }  
    

    或者可以添加一个宏开关“openHttpsSSL”,便于控制,类似如下代码

    - (BOOL)evaluateServerTrust:(SecTrustRef)serverTrust
                      forDomain:(NSString *)domain
    {
        if (openHttpsSSL && domain && self.allowInvalidCertificates && self.validatesDomainName && (self.SSLPinningMode == AFSSLPinningModeNone || [self.pinnedCertificates count] == 0)) {
            // https://developer.apple.com/library/mac/documentation/NetworkingInternet/Conceptual/NetworkingTopics/Articles/OverridingSSLChainValidationCorrectly.html
            //  According to the docs, you should only trust your provided certs for evaluation.
            //  Pinned certificates are added to the trust. Without pinned certificates,
            //  there is nothing to evaluate against.
            //
            //  From Apple Docs:
            //          "Do not implicitly trust self-signed certificates as anchors (kSecTrustOptionImplicitAnchors).
            //           Instead, add your own (self-signed) CA certificate to the list of trusted anchors."
            NSLog(@"In order to validate a domain name for self signed certificates, you MUST use pinning.");
            return NO;
        }
    

    2、在使用的时候添加

    AFHTTPSessionManager *manager = [AFHTTPSessionManager manager];  
                manager.responseSerializer = [AFHTTPResponseSerializer serializer];  
                manager.requestSerializer = [AFJSONRequestSerializer serializer];  
      
                AFSecurityPolicy *securityPolicy = [AFSecurityPolicy defaultPolicy];  
                // allowInvalidCertificates 是否允许无效证书(也就是自建的证书),默认为NO  
                // 如果是需要验证自建证书,需要设置为YES  
                securityPolicy.allowInvalidCertificates = YES;  
                manager.securityPolicy = securityPolicy;  
    

    3、如果需要在http 头里面添加用户名和密码验证,添加

    [request.operationManager.requestSerializer setAuthorizationHeaderFieldWithUsername:@"用户名" password:@"密码"];
    

    相关文章

      网友评论

        本文标题:AFNetworking 3.0 https请求忽略证书验证并添

        本文链接:https://www.haomeiwen.com/subject/pnbxettx.html