Problems with SSL Pinning and AFNetworking 2.5.0 (NSURLErrorDomain error -1012.)

后端未结

关注

 9  2001

爱一瞬间的悲伤 2020-12-07 20:45

We’ve been having a hard time securing our app’s network connections with SSL using AFNetworking 2.5.0.

We use a self-signed certificate authority and implemented a

9条回答

囚心锁ツ (楼主)

2020-12-07 21:14

- (AFSecurityPolicy *)securityPolicy {
    NSString *cerPath = [[NSBundle mainBundle] pathForResource:@"*.something.co.in" ofType:@"cer"];
    NSData *certData = [NSData dataWithContentsOfFile:cerPath];
    AFSecurityPolicy *securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeCertificate];
    [securityPolicy setAllowInvalidCertificates:YES];
    [securityPolicy setPinnedCertificates:@[certData]];
    [securityPolicy setValidatesDomainName:NO];
    [securityPolicy setValidatesCertificateChain:NO];
    return securityPolicy;
}

This worked for me for some reason. Still not sure how this changes things because other connections in my app work without taking all these steps.

This is what the error generating security policy looks like -

- (AFSecurityPolicy *)securityPolicy {
    NSString *cerPath = [[NSBundle mainBundle] pathForResource:@"*.something.co.in" ofType:@"cer"];
    NSData *certData = [NSData dataWithContentsOfFile:cerPath];
    AFSecurityPolicy *securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeCertificate];
    [securityPolicy setAllowInvalidCertificates:NO];
    [securityPolicy setPinnedCertificates:@[certData]];
    [securityPolicy setValidatesDomainName:YES];
    return securityPolicy;
}

Now sticking to the "Don't fix if it ain't broken" rule

0 讨论(0)

查看其它9个回答