一、介紹
在項目開發中,服務端和客戶端的協作尤為重要,而連接它們的最重要的環節之一就是網絡請求,對於服務端而言,如果這個環節出現了錯誤,那么安全性就無從談起,同時對於客戶端而言,如果這個模塊出現了錯誤,那么后續的開發就無法繼續進行下去。誠然,當網絡請求真的出現了問題,快速定位問題的源頭就顯得迫在眉睫了。本博文提供三種定位問題源頭的方法,判斷是服務端的原因,還是客戶端的原因,避免大家找問題浪費大量的無用功。
二、ATS
一個配置網絡請求方式的配置字段,NSAppTranportSecurity下的 Allow Arbitrary Loads,設置為NO,默認所有的網絡請求都必須走HTTPS(SSL/TLS)協議;如果設置為YES,即是全局設置,既可以走HTTP協議,也可以走HTPPS(SSL/TLS)協議。
三、問題定位方式(查看網絡請求的詳細log日志)
第一種方式:配置CFNETWORK_DIAGNOSTICS=1
步驟:打開xcode的項目,找到edit scheme中的run,然后選擇Arguments,給Envaironment Variables添加CFNETWORK_DIAGNOSTICS=1,最后運行程序發送網絡請求即可。此時在consolelog控制器會給出網絡請求詳細的log日志文件路徑,根據路徑找到就OK了。配置如圖:
點擊按鈕測試發送請求,我以我公司的官方來測試(本公司服務端已做了https配置)
// ViewController.m // RequestDemo // Created by 夏遠全 on 16/12/25. // Copyright © 2016年 廣州市東德網絡科技有限公司. All rights reserved. #import "ViewController.h" @interface ViewController () @end @implementation ViewController - (void)viewDidLoad { [super viewDidLoad]; self.view.backgroundColor = [UIColor whiteColor]; //發送請求 UIButton *requestBtn = [[UIButton alloc] initWithFrame:CGRectMake(140, 200, 200, 80)]; requestBtn.backgroundColor = [UIColor redColor]; [requestBtn setTitle:@"requestSend" forState:UIControlStateNormal]; [requestBtn setTitleColor:[UIColor greenColor] forState:UIControlStateNormal]; [requestBtn addTarget:self action:@selector(requestSend) forControlEvents:UIControlEventTouchUpInside]; [self.view addSubview:requestBtn]; } //發送請求 -(void)requestSend{ NSURL *URL = [NSURL URLWithString:@"https://www.biaojiepay.com"]; NSURLRequest *request = [NSURLRequest requestWithURL:URL]; [NSURLConnection sendAsynchronousRequest:request queue:[NSOperationQueue currentQueue] completionHandler:^(NSURLResponse * _Nullable response, NSData * _Nullable data, NSError * _Nullable connectionError) { NSLog(@"complete"); }]; } @end
打印的顯示log日志文件路徑如下:
2016-12-26 00:29:26.910 RequestDemo[966:51790] CFNetwork diagnostics log file created at: /Users/FanLei/Library/Developer/CoreSimulator/Devices/C4192179-66A1-40C6-B09B-095C1248F68E/data/Containers/Data/Application/FE58F06E-B7BC-428E-82AE-0ED0A567ACD1/Library/Logs/CrashReporter/CFNetwork_com.biaojiepay.RequestDemo_966.nwlrb.log 2016-12-26 00:29:27.049 RequestDemo[966:50107] complete
此時按照提供的路徑去訪問該文件查看,里面記錄了網絡請求的詳細日志信息
Dec 26 00:29:26 RequestDemo[966] <Notice>: CFNetwork Diagnostics [1:1] 00:29:26.910 { LoaderWhatToDo Request: <CFURL 0x7ff8ea816690 [0x10420ba40]>{string = https://www.biaojiepay.com/, encoding = 134217984, base = (null)} CachePolicy: 0 WhatToDo: originload CreateToNow: 0.02034s } [1:1] Dec 26 00:29:26 RequestDemo[966] <Notice>: CFNetwork Diagnostics [1:2] 00:29:26.912 { AddCookies Continue: request GET https://www.biaojiepay.com/ HTTP/1.1 HTTPProtocol: Task: e8ca1fd0 } [1:2] Dec 26 00:29:26 RequestDemo[966] <Notice>: CFNetwork Diagnostics [1:3] 00:29:26.912 { DiskCookieStorage Construction: Binary{ Disk Cookies: { /Users/FanLei/Library/Developer/CoreSimulator/Devices/C4192179-66A1-40C6-B09B-095C1248F68E/data/Containers/Data/Application/FE58F06E-B7BC-428E-82AE-0ED0A567ACD1/Library/Cookies/com.biaojiepay.RequestDemo.binarycookies, <0 cookies in 0 domains> clean not writing } } Accessing: <CFURL 0x7ff8e8ead9f0 [0x10420ba40]>{string = file:///Users/FanLei/Library/Developer/CoreSimulator/Devices/C4192179-66A1-40C6-B09B-095C1248F68E/data/Containers/Data/Application/FE58F06E-B7BC-428E-82AE-0ED0A567ACD1/Library/Cookies/com.biaojiepay.RequestDemo.binarycookies, encoding = 134217984, base = (null)} Path: /Users/FanLei/Library/Developer/CoreSimulator/Devices/C4192179-66A1-40C6-B09B-095C1248F68E/data/Containers/Data/Application/FE58F06E-B7BC-428E-82AE-0ED0A567ACD1/Library/Cookies/com.biaojiepay.RequestDemo.binarycookies Read from disk: <0 cookies in 0 domains> Dirty: NO Writing: NO Policy: 2 } [1:3] Dec 26 00:29:26 RequestDemo[966] <Notice>: CFNetwork Diagnostics [1:4] 00:29:26.913 { DiskCookieStorage Journaling On: Binary{ Disk Cookies: { /Users/FanLei/Library/Developer/CoreSimulator/Devices/C4192179-66A1-40C6-B09B-095C1248F68E/data/Containers/Data/Application/FE58F06E-B7BC-428E-82AE-0ED0A567ACD1/Library/Cookies/com.biaojiepay.RequestDemo.binarycookies, <0 cookies in 0 domains> clean not writing } } File: <CFURL 0x7ff8e8caa490 [0x10420ba40]>{string = file:///Users/FanLei/Library/Developer/CoreSimulator/Devices/C4192179-66A1-40C6-B09B-095C1248F68E/data/Containers/Data/Application/FE58F06E-B7BC-428E-82AE-0ED0A567ACD1/Library/Cookies/com.biaojiepay.RequestDemo.binarycookies, encoding = 134217984, base = (null)} } [1:4] Dec 26 00:29:26 RequestDemo[966] <Notice>: CFNetwork Diagnostics [1:5] 00:29:26.913 { Protocol Enqueue: request GET https://www.biaojiepay.com/ HTTP/1.1 Request: <CFURLRequest 0x7ff8ea816700 [0x10420ba40]> {url = https://www.biaojiepay.com/, cs = 0x0} Message: GET https://www.biaojiepay.com/ HTTP/1.1 } [1:5] Dec 26 00:29:27 RequestDemo[966] <Notice>: CFNetwork Diagnostics [1:6] 00:29:27.001 { Peer certificate Subject Sum: www.biaojiepay.com Summary: Symantec Basic DV SSL CA - G1 } [1:6] Dec 26 00:29:27 RequestDemo[966] <Notice>: CFNetwork Diagnostics [1:7] 00:29:27.008 { Authentication Challenge Loader: <CFURLRequest 0x7ff8e8c9ba60 [0x10420ba40]> {url = https://www.biaojiepay.com, cs = 0x0} Challenge: challenge space https://www.biaojiepay.com:443/, ServerTrustEvaluationRequested (Hash c4e968442f77296) } [1:7] Dec 26 00:29:27 RequestDemo[966] <Notice>: CFNetwork Diagnostics [1:8] 00:29:27.008 { Use Credential Loader: <CFURLRequest 0x7ff8e8c9ba60 [0x10420ba40]> {url = https://www.biaojiepay.com, cs = 0x0} Credential: null } [1:8] Dec 26 00:29:27 RequestDemo[966] <Notice>: CFNetwork Diagnostics [1:9] 00:29:27.009 { touchConnection Loader: <CFURLRequest 0x7ff8e8c9ba60 [0x10420ba40]> {url = https://www.biaojiepay.com, cs = 0x0} Timeout Interval: 60.000 seconds } [1:9] Dec 26 00:29:27 RequestDemo[966] <Notice>: CFNetwork Diagnostics [1:10] 00:29:27.046 { Protocol Received: request GET https://www.biaojiepay.com/ HTTP/1.1 Response: HTTP/1.1 200 OK } [1:10] Dec 26 00:29:27 RequestDemo[966] <Notice>: CFNetwork Diagnostics [1:11] 00:29:27.046 { touchConnection Loader: <CFURLRequest 0x7ff8e8c9ba60 [0x10420ba40]> {url = https://www.biaojiepay.com, cs = 0x0} Timeout Interval: 60.000 seconds } [1:11] Dec 26 00:29:27 RequestDemo[966] <Notice>: CFNetwork Diagnostics [1:12] 00:29:27.046 { destroyReadStream: request GET https://www.biaojiepay.com/ HTTP/1.1 Request: <CFURLRequest 0x7ff8ea816700 [0x10420ba40]> {url = https://www.biaojiepay.com/, cs = 0x0} sent: <CFNumber 0xb000000000000c53 [0x10420ba40]>{value = +197, type = kCFNumberSInt64Type} received: <CFNumber 0xb00000000000d213 [0x10420ba40]>{value = +3361, type = kCFNumberSInt64Type} cell sent: <CFNumber 0xb000000000000003 [0x10420ba40]>{value = +0, type = kCFNumberSInt64Type} cell received: <CFNumber 0xb000000000000003 [0x10420ba40]>{value = +0, type = kCFNumberSInt64Type} } [1:12] Dec 26 00:29:27 RequestDemo[966] <Notice>: CFNetwork Diagnostics [1:13] 00:29:27.047 { touchConnection Loader: <CFURLRequest 0x7ff8e8c9ba60 [0x10420ba40]> {url = https://www.biaojiepay.com, cs = 0x0} Timeout Interval: 60.000 seconds } [1:13] Dec 26 00:29:27 RequestDemo[966] <Notice>: CFNetwork Diagnostics [1:14] 00:29:27.047 { Response Complete Request: <CFURLRequest 0x7ff8ea816700 [0x10420ba40]> {url = https://www.biaojiepay.com/, cs = 0x0} } [1:14] Dec 26 00:29:27 RequestDemo[966] <Notice>: CFNetwork Diagnostics [1:15] 00:29:27.047 { Did Finish Loader: <CFURLRequest 0x7ff8e8c9ba60 [0x10420ba40]> {url = https://www.biaojiepay.com, cs = 0x0} init to origin load: 0.021334s total time: 0.15739s total bytes: 10656 } [1:15] Dec 26 00:29:27 RequestDemo[966] <Notice>: CFNetwork Diagnostics [1:16] 00:29:27.048 { touchConnection Loader: <CFURLRequest 0x7ff8e8c9ba60 [0x10420ba40]> {url = https://www.biaojiepay.com, cs = 0x0} Timeout Interval: 60.000 seconds } [1:16] Dec 26 00:29:27 RequestDemo[966] <Notice>: CFNetwork Diagnostics [1:17] 00:29:27.048 { ~HTTPProtocol: nullptr request Request: null sent: 197 received: 3361 cell sent: 0 cell received: 0 } [1:17] Dec 26 00:29:28 RequestDemo[966] <Notice>: CFNetwork Diagnostics [1:18] 00:29:28.914 { DiskCookieStorage Sync Request Forced: no isDirty: no isWriting: no File: <CFURL 0x7ff8e8eb0cb0 [0x10420ba40]>{string = file:///Users/FanLei/Library/Developer/CoreSimulator/Devices/C4192179-66A1-40C6-B09B-095C1248F68E/data/Containers/Data/Application/FE58F06E-B7BC-428E-82AE-0ED0A567ACD1/Library/Cookies/com.biaojiepay.RequestDemo.binarycookies, encoding = 134217984, base = (null)} Journal: yes Mutations: 0 } [1:18]
第二種方式:采用mac自帶的命令行查看網絡請求日志,即/usr/bin/nscurl --ats-diagnostics --verbose https://www.biaojiepay.com(這個是帶上的測試網址)
使用該命令行發送請求測試,我以我公司的官方來測試(本公司服務端已做了https配置,所有驗證都會通過Pass)
終端運行結果如下:可以看到全都支持,所以pass通過
Last login: Sun Dec 25 23:55:12 on ttys003 FanLeideMacBook-Pro:~ FanLei$ /usr/bin/nscurl --ats-diagnostics --verbose https://www.biaojiepay.com Starting ATS Diagnostics Configuring ATS Info.plist keys and displaying the result of HTTPS loads to https://www.biaojiepay.com. A test will "PASS" if URLSession:task:didCompleteWithError: returns a nil error. ================================================================================ Default ATS Secure Connection --- ATS Default Connection ATS Dictionary: { } Result : PASS --- ================================================================================ Allowing Arbitrary Loads --- Allow All Loads ATS Dictionary: { NSAllowsArbitraryLoads = true; } Result : PASS --- ================================================================================ Configuring TLS exceptions for www.biaojiepay.com --- TLSv1.2 ATS Dictionary: { NSExceptionDomains = { "www.biaojiepay.com" = { NSExceptionMinimumTLSVersion = "TLSv1.2"; }; }; } Result : PASS --- --- TLSv1.1 ATS Dictionary: { NSExceptionDomains = { "www.biaojiepay.com" = { NSExceptionMinimumTLSVersion = "TLSv1.1"; }; }; } Result : PASS --- --- TLSv1.0 ATS Dictionary: { NSExceptionDomains = { "www.biaojiepay.com" = { NSExceptionMinimumTLSVersion = "TLSv1.0"; }; }; } Result : PASS --- ================================================================================ Configuring PFS exceptions for www.biaojiepay.com --- Disabling Perfect Forward Secrecy ATS Dictionary: { NSExceptionDomains = { "www.biaojiepay.com" = { NSExceptionRequiresForwardSecrecy = false; }; }; } Result : PASS --- ================================================================================ Configuring PFS exceptions and allowing insecure HTTP for www.biaojiepay.com --- Disabling Perfect Forward Secrecy and Allowing Insecure HTTP ATS Dictionary: { NSExceptionDomains = { "www.biaojiepay.com" = { NSExceptionAllowsInsecureHTTPLoads = true; NSExceptionRequiresForwardSecrecy = false; }; }; } Result : PASS --- ================================================================================ Configuring TLS exceptions with PFS disabled for www.biaojiepay.com --- TLSv1.2 with PFS disabled ATS Dictionary: { NSExceptionDomains = { "www.biaojiepay.com" = { NSExceptionMinimumTLSVersion = "TLSv1.2"; NSExceptionRequiresForwardSecrecy = false; }; }; } Result : PASS --- --- TLSv1.1 with PFS disabled ATS Dictionary: { NSExceptionDomains = { "www.biaojiepay.com" = { NSExceptionMinimumTLSVersion = "TLSv1.1"; NSExceptionRequiresForwardSecrecy = false; }; }; } Result : PASS --- --- TLSv1.0 with PFS disabled ATS Dictionary: { NSExceptionDomains = { "www.biaojiepay.com" = { NSExceptionMinimumTLSVersion = "TLSv1.0"; NSExceptionRequiresForwardSecrecy = false; }; }; } Result : PASS --- ================================================================================ Configuring TLS exceptions with PFS disabled and insecure HTTP allowed for www.biaojiepay.com --- TLSv1.2 with PFS disabled and insecure HTTP allowed ATS Dictionary: { NSExceptionDomains = { "www.biaojiepay.com" = { NSExceptionAllowsInsecureHTTPLoads = true; NSExceptionMinimumTLSVersion = "TLSv1.2"; NSExceptionRequiresForwardSecrecy = false; }; }; } Result : PASS --- --- TLSv1.1 with PFS disabled and insecure HTTP allowed ATS Dictionary: { NSExceptionDomains = { "www.biaojiepay.com" = { NSExceptionAllowsInsecureHTTPLoads = true; NSExceptionMinimumTLSVersion = "TLSv1.1"; NSExceptionRequiresForwardSecrecy = false; }; }; } Result : PASS --- --- TLSv1.0 with PFS disabled and insecure HTTP allowed ATS Dictionary: { NSExceptionDomains = { "www.biaojiepay.com" = { NSExceptionAllowsInsecureHTTPLoads = true; NSExceptionMinimumTLSVersion = "TLSv1.0"; NSExceptionRequiresForwardSecrecy = false; }; }; } Result : PASS --- ================================================================================ FanLeideMacBook-Pro:~ FanLei$
第三種方式:如果是服務端的問題,可以采用TLSTool來幫助你定位。(坑:TSLTool不能再Xcode8下編譯)
先下載工具編譯后,再在終端測試示例:我以我公司的官方來測試,端口443(本公司服務端已做了https配置,所有驗證都會通過Pass)
./TLSTool s_client -connect www.biaojiepay.com:443 GET https://www.biaojiepay.com HTTP/1.1 Host: www.biajiepay.com