SDWebImage 加载Https自签名证书图片

你是否遇到了这种情况，好不容易AFN 访问https接口成功了但是图片加载不出来？传了

SDWebImageAllowInvalidSSLCertificates 没效果（这种情况只适用于CA我觉得），

网上众多的在SDWebimageDownloader.m中添加URLSession代理方法也不行  如果是下面这种和我遇到了同样的问题  请接着看

- (void)URLSession:(NSURLSession *)session didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition disposition, NSURLCredential * _Nullable credential))completionHandler{ NSLog(@"证书认证"); if ([[[challenge protectionSpace] authenticationMethod] isEqualToString: NSURLAuthenticationMethodServerTrust]) { do{ SecTrustRef serverTrust = [[challenge protectionSpace] serverTrust]; NSCAssert(serverTrust != nil, @"serverTrust is nil"); if(nil == serverTrust) break; /* failed */ /** * 导入多张CA证书（Certification Authority，支持SSL证书以及自签名的CA），请替换掉你的证书名称 */ NSString *cerPath = [[NSBundle mainBundle] pathForResource:@"证书名字_cerName" ofType:@"cer"]; //自签名证书 NSData* caCert = [NSData dataWithContentsOfFile:cerPath]; NSCAssert(caCert != nil, @"caCert is nil"); if(nil == caCert) break; /* failed */ SecCertificateRef caRef = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)caCert); NSCAssert(caRef != nil, @"caRef is nil"); if(nil == caRef) break; /* failed */ //可以添加多张证书 NSArray *caArray = @[(__bridge id)(caRef)]; NSCAssert(caArray != nil, @"caArray is nil"); if(nil == caArray) break; /* failed */ //将读取的证书设置为服务端帧数的根证书 OSStatus status = SecTrustSetAnchorCertificates(serverTrust, (__bridge CFArrayRef)caArray); NSCAssert(errSecSuccess == status, @"SecTrustSetAnchorCertificates failed"); if(!(errSecSuccess == status)) break; /* failed */ SecTrustResultType result = -1; //通过本地导入的证书来验证服务器的证书是否可信 status = SecTrustEvaluate(serverTrust, &result); if(!(errSecSuccess == status)) break; /* failed */ NSLog(@"stutas:%d",(int)status); NSLog(@"Result: %d", result); BOOL allowConnect = (result == kSecTrustResultUnspecified) || (result == kSecTrustResultProceed); if (allowConnect) { NSLog(@"success"); }else { NSLog(@"error"); } /* kSecTrustResultUnspecified and kSecTrustResultProceed are success */ if(! allowConnect) { break; /* failed */ } #if 0 /* Treat kSecTrustResultConfirm and kSecTrustResultRecoverableTrustFailure as success */ /* since the user will likely tap-through to see the dancing bunnies */ if(result == kSecTrustResultDeny || result == kSecTrustResultFatalTrustFailure || result == kSecTrustResultOtherError) break; /* failed to trust cert (good in this case) */ #endif // The only good exit point NSLog(@"信任该证书"); NSURLCredential *credential = [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust]; completionHandler(NSURLSessionAuthChallengeUseCredential,credential); return [[challenge sender] useCredential: credential forAuthenticationChallenge: challenge ]; }while(0); } // Bad dog NSURLCredential *credential = [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust]; completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge,credential); return [[challenge sender] cancelAuthenticationChallenge: challenge]; }
却总是
 证书认证
 stutas:0
 Result: 5
 error
 不明就理？
是否觉得后台没有升级TSL1.2有问题但是后台说没有坚持不下？
看这里。。。。
我们用AFN的代码来验证证书不就好了，为了不改动 SDWebimageDownloader.m的源码避免以后升级出错我们建个分类

.h

#import "SDWebImageDownloader+AFNhttps.h"

@interface SDWebImageDownloader (AFNhttps)<NSURLSessionDelegate>

 @end

.m

#import <AFNetworking.h>

#import <SDWebImageDownloader.h>

#import "SDWebImageDownloader+AFNhttps.h"

@implementation SDWebImageDownloader (AFNhttps)

+(AFSecurityPolicy *)customSecurityPolicy {

    //先导入证书到项目

    NSString *cerPath = [[NSBundle mainBundle] pathForResource:@"你的证书" ofType:@"cer"];//证书的路径

    NSData *cerData = [NSData dataWithContentsOfFile:cerPath];

    //AFSSLPinningModeCertificate使用证书验证模式

    AFSecurityPolicy *securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeCertificate];

    //如果是需要验证自建证书，需要设置为YES

    securityPolicy.allowInvalidCertificates = YES;

    //validatesDomainName 是否需要验证域名，默认为YES；

    securityPolicy.validatesDomainName = NO;

    NSSet *cerDataSet = [NSSet setWithArray:@[cerData]];

    securityPolicy.pinnedCertificates = cerDataSet;

    return securityPolicy;

}

- (void)URLSession:(NSURLSession *)session didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge

 completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition disposition, NSURLCredential * _Nullable credential))completionHandler {

    NSLog(@"证书认证");

    SecTrustRef serverTrust = [[challenge protectionSpace] serverTrust];

    [[SDWebImageDownloader customSecurityPolicy]evaluateServerTrust:serverTrust forDomain:nil];

    

    NSURLCredential *credential = [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust];

    

    completionHandler(NSURLSessionAuthChallengePerformDefaultHandling,credential);

    return [[challenge sender] useCredential: credential

                  forAuthenticationChallenge: challenge];

}

@end

 就这样用AFN的代码验证SDWebImage的https图片了