SSL Pinning with AFNetworking

[愿得一人] 2020-12-23 15:08

In my app I'm using https and a self-signed SSL certificate to secure the connection between my client and the server.

I was trying to have the AFNetworking library

3 Answers
  • 2020-12-23 16:05

    I got it working.

    I was in the situation where I had created a self-signed cert to hit my own server API from my iOS App. I created my cert with OpenSSL. When I was done creating it, I had several files, one of which was "server.crt". Initially, I tried just renaming it to "server.cer", and using "AFSSLPinningModeCertificate" for my AFURLConnectionOperation objects. That did not work, and I noticed the example uses "AFSSLPinningModePublicKey", so I tried that, still no luck.

    So I compared my file (that was the renamed ".crt" file) to his.
    I noticed that "server.crt" was base64-encoded, and like this:

    -----BEGIN CERTIFICATE-----
    394230AFDFD... 
    -----END CERTIFICATE-----
    

    I noticed from Mattt's example in AFNetworking that the "adn.cer" file he uses is not base64-encoded. It is just raw bytes. So, I did this:

    $ base64 -D -i ./server.crt -o ./server.cer
    

    I set my AFURLConnectionOperation to AFSSLPinningModePublicKey.
    I put that back in the project and did a clean and build of my iOS project, and everything worked fine.

    Hope this helps!!

    Btw, you may notice that Xcode will display info for your ".crt" or ".cer" key whether it is the base64 or the raw one, so don't let that confuse you. You should be able to see the certificate data in either case, it's just that AF will only accept the raw (non-base64) one.

    UPDATE:
    Anyone having trouble with base64, this is what works for me on OS X using OpenSSL:

    $ openssl base64 -d -in ./server.crt -out ./server.cer
    
  • 2020-12-23 16:05

    If you're using AFNetworking 2.x, and you're using the correct .cer but still receiving error code -1012 on your calls, you should disable validatesCertificateChain:

    AFSecurityPolicy *securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModePublicKey];
    securityPolicy.validatesCertificateChain = NO;
    

    or you can pass in the entire certificate chain in pinnedCertificates.

  • 2020-12-23 16:05

    Your certificate must have the extension cer, not crt, and should be in .der format. Add the output file to your Xcode project.

    You can use the following command:

    openssl x509 -in your.crt -out certificate_cer.cer -outform der

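The answers above turn on one point: the file given to the pinning code has to be raw DER bytes, not the base64 PEM text that OpenSSL writes by default, and renaming the file does not change its encoding. As an added example (not from the original posts or from AFNetworking), this Python check classifies a certificate file's bytes and normalizes PEM to DER before the file goes into the app bundle; the function names and the constructed sample bytes are assumptions for illustration.

```python
import ssl

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"
# Constructed sample: a well-formed outer DER SEQUENCE header over zero bytes,
# standing in for a certificate. It is not a real certificate.
CONSTRUCTED_DER = b"\x30\x82\x01\x00" + bytes(256)

def der_total_length(data: bytes) -> int:
    """Size of the outer DER SEQUENCE (header + body), or -1 if absent."""
    if len(data) < 2 or data[0] != 0x30:       # 0x30 is the SEQUENCE tag
        return -1
    first = data[1]
    if first < 0x80:                           # short-form length
        return 2 + first
    n = first & 0x7F                           # long form: n length bytes follow
    if n == 0 or n > 4 or len(data) < 2 + n:
        return -1
    return 2 + n + int.from_bytes(data[2:2 + n], "big")

def classify(data: bytes) -> str:
    """Return 'pem', 'der' or 'unknown' for the contents of a certificate file."""
    if PEM_HEADER in data:
        return "pem"
    if der_total_length(data) == len(data):    # exactly one DER structure
        return "der"
    return "unknown"

def to_der(data: bytes) -> bytes:
    """Return raw DER bytes for PEM or DER input; raise ValueError otherwise."""
    kind = classify(data)
    if kind == "pem":
        # Skip any text before the header, then base64-decode the PEM body.
        text = data[data.index(PEM_HEADER):].decode("ascii")
        data = ssl.PEM_cert_to_DER_cert(text)
        kind = classify(data)
    if kind != "der":
        raise ValueError("not a single PEM or DER certificate structure")
    return data

if __name__ == "__main__":
    # A PEM file stays PEM whatever extension it is given.
    renamed_crt = ssl.DER_cert_to_PEM_cert(CONSTRUCTED_DER).encode("ascii")
    print(classify(renamed_crt))
    print(classify(to_der(renamed_crt)))
```

The length check only confirms that the file is exactly one DER structure; it does not parse or validate the certificate itself.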