CFNetwork SSLHandshake 因 AFNetworking 2.0、自签名 cer 和 [policy setAllowInvalidCertificates:YES] 而失败

Posted 2023-02-24

【中文标题】CFNetwork SSLHandshake 因 AFNetworking 2.0、自签名 cer 和 [policy setAllowInvalidCertificates:YES] 而失败

【英文标题】：CFNetwork SSLHandshake failed with AFNetworking 2.0, self-signed cer and [policy setAllowInvalidCertificates:YES]

【发布时间】：2014-04-10 14:25:23

【问题描述】：

我正在使用 AFNetworking 2。 我的项目包中有一个自签名的根 CA 证书 我允许无效证书：[policy setAllowInvalidCertificates:YES]; 我的网址是https://

因此，理论上应该接受自签名证书。

AFSecurityPolicy

AFSecurityPolicy *policy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeNone];
[policy setAllowInvalidCertificates:YES];

AFHTTPRequestOperationManager

AFHTTPRequestOperationManager *manager = [AFHTTPRequestOperationManager manager];
[manager setResponseSerializer:[AFHTTPResponseSerializer serializer]];
[manager setRequestSerializer:[AFJSONRequestSerializer serializer]];
[manager setSecurityPolicy:policy];

[manager POST:url
   parameters:dictionary
      success:^(AFHTTPRequestOperation *operation, id responseObject) 
          // Process Response Object
          NSLog(@"JSON: %@", [responseObject description]);

 failure:^(AFHTTPRequestOperation *operation, NSError *error) 
        // Handle Error
        NSLog(@"Failure Error: %@", [error description]);
];

所以显然没有什么问题。

我的日志：

2014-04-10 15:05:40.412 https_AF2[5548:3607] CFNetwork SSLHandshake failed (-9800)
2014-04-10 15:05:41.092 https_AF2[5548:3607] CFNetwork SSLHandshake failed (-9800)
2014-04-10 15:05:41.732 https_AF2[5548:3607] CFNetwork SSLHandshake failed (-9800)
2014-04-10 15:05:41.734 https_AF2[5548:3607] NSURLConnection/CFURLConnection HTTP load failed
(kCFStreamErrorDomainSSL, -9800)
2014-04-10 15:05:41.736 https_AF2[5548:60b] Failure Error: Error Domain=NSURLErrorDomain 
Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made."
UserInfo=0x8d6af80 
NSErrorFailingURLStringKey=https://(myUrl)/userLogin,
NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?,
NSErrorFailingURLKey=https://(myUrl)/userLogin,
NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., 
NSUnderlyingError=0x8cb4920 "An SSL error has occurred and a secure connection to the server cannot be made."

我能想象的唯一原因是服务器配置不正确。

解决这个问题的任何想法都会很棒！

【参考方案1】：

我知道问题出在哪里。最后，问题不在 ios 代码中。问题出在我给出的网址中。

网址中的一个小改动解决了所有问题。

来自：https://www.domain.com:8080/api/userLogin 给https://domain.com/api/userLogin

就这么简单。

我不会删除这个问题，因为将来有人可能会遇到同样的问题。

【参考方案2】：

AFSecurityPolicy，您可以尝试将 validate DomainName 设置为 NO

policy.validatesDomainName = NO;