AFNetworking 3.0 https请求忽略证书验证并添
2016-08-29 本文已影响696人
BobNee
1、修改AFNetworking中修改源码,在AFSecurityPolicy.m注释掉这几句
- (BOOL)evaluateServerTrust:(SecTrustRef)serverTrust
forDomain:(NSString *)domain
{
// if (domain && self.allowInvalidCertificates && self.validatesDomainName && (self.SSLPinningMode == GMAFSSLPinningModeNone || [self.pinnedCertificates count] == 0)) {
// // https://developer.apple.com/library/mac/documentation/NetworkingInternet/Conceptual/NetworkingTopics/Articles/OverridingSSLChainValidationCorrectly.html
// // According to the docs, you should only trust your provided certs for evaluation.
// // Pinned certificates are added to the trust. Without pinned certificates,
// // there is nothing to evaluate against.
// //
// // From Apple Docs:
// // "Do not implicitly trust self-signed certificates as anchors (kSecTrustOptionImplicitAnchors).
// // Instead, add your own (self-signed) CA certificate to the list of trusted anchors."
// NSLog(@"In order to validate a domain name for self signed certificates, you MUST use pinning.");
// return NO;
// }
或者可以添加一个宏开关“openHttpsSSL”,便于控制,类似如下代码
- (BOOL)evaluateServerTrust:(SecTrustRef)serverTrust
forDomain:(NSString *)domain
{
if (openHttpsSSL && domain && self.allowInvalidCertificates && self.validatesDomainName && (self.SSLPinningMode == AFSSLPinningModeNone || [self.pinnedCertificates count] == 0)) {
// https://developer.apple.com/library/mac/documentation/NetworkingInternet/Conceptual/NetworkingTopics/Articles/OverridingSSLChainValidationCorrectly.html
// According to the docs, you should only trust your provided certs for evaluation.
// Pinned certificates are added to the trust. Without pinned certificates,
// there is nothing to evaluate against.
//
// From Apple Docs:
// "Do not implicitly trust self-signed certificates as anchors (kSecTrustOptionImplicitAnchors).
// Instead, add your own (self-signed) CA certificate to the list of trusted anchors."
NSLog(@"In order to validate a domain name for self signed certificates, you MUST use pinning.");
return NO;
}
2、在使用的时候添加
AFHTTPSessionManager *manager = [AFHTTPSessionManager manager];
manager.responseSerializer = [AFHTTPResponseSerializer serializer];
manager.requestSerializer = [AFJSONRequestSerializer serializer];
AFSecurityPolicy *securityPolicy = [AFSecurityPolicy defaultPolicy];
// allowInvalidCertificates 是否允许无效证书(也就是自建的证书),默认为NO
// 如果是需要验证自建证书,需要设置为YES
securityPolicy.allowInvalidCertificates = YES;
manager.securityPolicy = securityPolicy;
3、如果需要在http 头里面添加用户名和密码验证,添加
[request.operationManager.requestSerializer setAuthorizationHeaderFieldWithUsername:@"用户名" password:@"密码"];
