防止ios5中的自签名SSL证书
我使用基本HTTP身份validation的代码,请参阅下文。 这在IOS 5中工作正常。但现在我们将协议更改为https,我们使用假的自签名证书。 它也有效! 这似乎不安全。 有人知道你是否需要用这种方法来做某些事情来防止某些证书被接受?
- (void)connection:(NSURLConnection *)connection willSendRequestForAuthenticationChallenge: (NSURLAuthenticationChallenge *)challenge { if ([challenge previousFailureCount] <= maxRetryCount ) { NSURLCredential *newCredential = [NSURLCredential credentialWithUser: userName password:password persistence:NSURLCredentialPersistenceForSession]; [[challenge sender] useCredential:newCredential forAuthenticationChallenge:challenge]; } else { NSLog(@"Failure count %d",[challenge previousFailureCount]); } } 看来我自己find了答案。 这将阻止无效的证书。 仍然必须testing在使用有效证书login时是否工作。
- (void)connection:(NSURLConnection *)connection willSendRequestForAuthenticationChallenge: (NSURLAuthenticationChallenge *)challenge { if ([[[challenge protectionSpace] authenticationMethod] isEqualToString:@"NSURLAuthenticationMethodServerTrust"]) { [[challenge sender] performDefaultHandlingForAuthenticationChallenge:challenge]; } else { if ([challenge previousFailureCount] <= maxRetryCount ) { NSURLCredential *newCredential = [NSURLCredential credentialWithUser: userName password:password persistence:NSURLCredentialPersistenceForSession]; [[challenge sender] useCredential:newCredential forAuthenticationChallenge:challenge]; } else { NSLog(@"Failure count %d",[challenge previousFailureCount]); } } }