1
如果主机位于可信列表中,我希望允许使用NSURLConnection的自签名证书。使用NSURLConnection处理自签名证书
我看到很多人做着这样的:
- (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace {
if ([protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
if (allowSelfSignedCertForThisHost) {
NSLog(@"Allowing self signed!");
return YES;
}
}
return NO;
}
- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
if ([trustedHosts containsObject:challenge.protectionSpace.host]) {
[challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge];
}
}
[challenge.sender continueWithoutCredentialForAuthenticationChallenge:challenge];
}
不过,我想知道你为什么会调用useCredential:forAuthenticationChallenge
而且continueWithoutCredentialForAuthenticationChallenge
之后。
这不可行 - 它是由我连接的主机发送的。 –
@将会下载并安装。你不需要私钥。只需证书就足够了。 –
是否会有任何代码更改来识别此自定义证书?这看起来更简单,更安全。 –