iOS - (kCFStreamErrorDomainSSL, -9813)

喜夏-厌秋 提交于 2020-01-07 05:08:24

问题


I'm getting (kCFStreamErrorDomainSSL, -9813) when connecting to a client's server.

The client's server has a self signed certificate that I can not change. The app is using AFNetworking 3.x. I've tried the following but nothing seems to work.

If someone could help me, it will be much appreciated.

Info.plist:

<key>NSAppTransportSecurity</key>
    <dict>
        <key>NSAllowsArbitraryLoads</key>
        <true/>
        <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
        <true/>

        <key>NSExceptionDomains</key>
        <dict>
            <key> *** CLIENT HOSTNAME *** </key>
            <dict>
                <key>NSIncludesSubdomains</key>
                <true/>
                <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
                <true/>
                <key>NSTemporaryExceptionMinimumTLSVersion</key>
                <string>TLSv1.0</string>
                <key>NSTemporaryExceptionRequiresForwardSecrecy</key>
                <false/>
            </dict>
        </dict>

    </dict>

AFNetworking connection manager:

AFHTTPSessionManager *manager = [[AFHTTPSessionManager alloc]initWithSessionConfiguration:[NSURLSessionConfiguration defaultSessionConfiguration]];

#ifdef USE_SELF_SIGNED_CERT_RULES
    manager.securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeCertificate];
    manager.securityPolicy.allowInvalidCertificates = YES;
    manager.securityPolicy.validatesDomainName = YES;
#endif

回答1:


I had the same problem. I tried your solution but it did not work. Settings allowInvalidCertificates , validatesDomainName and AFSSLPinningModeCertificate did not solved my problem. After going through lots of googling I saw the structure of AFSecurityPolicy this class.

There is a function in this class

- (BOOL)evaluateServerTrust:(SecTrustRef)serverTrust
              forDomain:(nullable NSString *)domain;

You have to subclass the AFSecurityPolicy and return YES in its implementation. Then you will be able to connect to your server.

My client server was also self-signed.

Settings properties on AFSecurityPolicy does not solve the problem, I wonder why.



来源:https://stackoverflow.com/questions/38719075/ios-kcfstreamerrordomainssl-9813

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!