你是否遇到了這種情況,好不容易AFN 訪問https接口成功了但是圖片加載不出來?傳了
SDWebImageAllowInvalidSSLCertificates 沒效果(這種情況只適用於CA我覺得),
網上眾多的在SDWebimageDownloader.m中添加URLSession代理方法也不行 如果是下面這種和我遇到了同樣的問題 請接着看
- (void)URLSession:(NSURLSession *)session didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition disposition, NSURLCredential * _Nullable credential))completionHandler{ NSLog(@"證書認證"); if ([[[challenge protectionSpace] authenticationMethod] isEqualToString: NSURLAuthenticationMethodServerTrust]) { do{ SecTrustRef serverTrust = [[challenge protectionSpace] serverTrust]; NSCAssert(serverTrust != nil, @"serverTrust is nil"); if(nil == serverTrust) break; /* failed */ /** * 導入多張CA證書(Certification Authority,支持SSL證書以及自簽名的CA),請替換掉你的證書名稱 */ NSString *cerPath = [[NSBundle mainBundle] pathForResource:@"證書名字_cerName" ofType:@"cer"]; //自簽名證書 NSData* caCert = [NSData dataWithContentsOfFile:cerPath]; NSCAssert(caCert != nil, @"caCert is nil"); if(nil == caCert) break; /* failed */ SecCertificateRef caRef = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)caCert); NSCAssert(caRef != nil, @"caRef is nil"); if(nil == caRef) break; /* failed */ //可以添加多張證書 NSArray *caArray = @[(__bridge id)(caRef)]; NSCAssert(caArray != nil, @"caArray is nil"); if(nil == caArray) break; /* failed */ //將讀取的證書設置為服務端幀數的根證書 OSStatus status = SecTrustSetAnchorCertificates(serverTrust, (__bridge CFArrayRef)caArray); NSCAssert(errSecSuccess == status, @"SecTrustSetAnchorCertificates failed"); if(!(errSecSuccess == status)) break; /* failed */ SecTrustResultType result = -1; //通過本地導入的證書來驗證服務器的證書是否可信 status = SecTrustEvaluate(serverTrust, &result); if(!(errSecSuccess == status)) break; /* failed */ NSLog(@"stutas:%d",(int)status); NSLog(@"Result: %d", result); BOOL allowConnect = (result == kSecTrustResultUnspecified) || (result == kSecTrustResultProceed); if (allowConnect) { NSLog(@"success"); }else { NSLog(@"error"); } /* kSecTrustResultUnspecified and kSecTrustResultProceed are success */ if(! allowConnect) { break; /* failed */ } #if 0 /* Treat kSecTrustResultConfirm and kSecTrustResultRecoverableTrustFailure as success */ /* since the user will likely tap-through to see the dancing bunnies */ if(result == kSecTrustResultDeny || result == kSecTrustResultFatalTrustFailure || result == kSecTrustResultOtherError) break; /* failed to trust cert (good in this case) */ #endif // The only good exit point NSLog(@"信任該證書"); NSURLCredential *credential = [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust]; completionHandler(NSURLSessionAuthChallengeUseCredential,credential); return [[challenge sender] useCredential: credential forAuthenticationChallenge: challenge ]; }while(0); } // Bad dog NSURLCredential *credential = [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust]; completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge,credential); return [[challenge sender] cancelAuthenticationChallenge: challenge]; }
卻總是
證書認證
stutas:0
Result: 5
error
不明就理?
是否覺得后台沒有升級TSL1.2有問題但是后台說沒有堅持不下?
看這里。。。。
我們用AFN的代碼來驗證證書不就好了,為了不改動 SDWebimageDownloader.m的源碼避免以后升級出錯我們建個分類.h
#import "SDWebImageDownloader+AFNhttps.h"
@interface SDWebImageDownloader (AFNhttps)<NSURLSessionDelegate>
@end
.m
#import <AFNetworking.h>
#import <SDWebImageDownloader.h>
#import "SDWebImageDownloader+AFNhttps.h"
@implementation SDWebImageDownloader (AFNhttps)
+(AFSecurityPolicy *)customSecurityPolicy {
//先導入證書到項目
NSString *cerPath = [[NSBundle mainBundle] pathForResource:@"你的證書" ofType:@"cer"];//證書的路徑
NSData *cerData = [NSData dataWithContentsOfFile:cerPath];
//AFSSLPinningModeCertificate使用證書驗證模式
AFSecurityPolicy *securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeCertificate];
//如果是需要驗證自建證書,需要設置為YES
securityPolicy.allowInvalidCertificates = YES;
//validatesDomainName 是否需要驗證域名,默認為YES;
securityPolicy.validatesDomainName = NO;
NSSet *cerDataSet = [NSSet setWithArray:@[cerData]];
securityPolicy.pinnedCertificates = cerDataSet;
return securityPolicy;
}
- (void)URLSession:(NSURLSession *)session didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge
completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition disposition, NSURLCredential * _Nullable credential))completionHandler {
NSLog(@"證書認證");
SecTrustRef serverTrust = [[challenge protectionSpace] serverTrust];
[[SDWebImageDownloader customSecurityPolicy]evaluateServerTrust:serverTrust forDomain:nil];
NSURLCredential *credential = [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust];
completionHandler(NSURLSessionAuthChallengePerformDefaultHandling,credential);
return [[challenge sender] useCredential: credential
forAuthenticationChallenge: challenge];
}
@end
就這樣用AFN的代碼驗證SDWebImage的https圖片了