iOS和SSL：无法validation自签名服务器证书

我对使用SSL通道使用Web服务相当陌生。 经过相当不错的search后，我发现了一种使用NSURLConnection委托API来执行SSL / HTTPS身份validation的方法。 以下是执行实际身份validation的代码片段：

- (void)connection:(NSURLConnection *)connection willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge { [self printLogToConsole:@"Authenticating...."]; [self printLogToConsole:[NSString stringWithFormat:@"\n%@\n", [challenge description]]]; NSLog(@"\n\nserverTrust: %@\n", [[challenge protectionSpace] serverTrust]); /* Extract the server certificate for trust validation */ NSURLProtectionSpace *protectionSpace = [challenge protectionSpace]; assert(protectionSpace); SecTrustRef trust = [protectionSpace serverTrust]; assert(trust); CFRetain(trust); // Make sure this thing stays around until we're done with it NSURLCredential *credential = [NSURLCredential credentialForTrust:trust]; /* On iOS * we need to convert it to 'der' certificate. It can be done easily through Terminal as follows: * $ openssl x509 -in certificate.pem -outform der -out rootcert.der */ NSString *path = [[NSBundle mainBundle] pathForResource:@"rootcert" ofType:@"der"]; assert(path); NSData *data = [NSData dataWithContentsOfFile:path]; assert(data); /* Set up the array of certificates, we will authenticate against and create credentials */ SecCertificateRef rtCertificate = SecCertificateCreateWithData(NULL, CFBridgingRetain(data)); const void *array[1] = { rtCertificate }; trustedCerts = CFArrayCreate(NULL, array, 1, &kCFTypeArrayCallBacks); CFRelease(rtCertificate); // for completeness, really does not matter /* Build up the trust anchor using our root cert */ int err; SecTrustResultType trustResult = 0; err = SecTrustSetAnchorCertificates(trust, trustedCerts); if (err == noErr) { err = SecTrustEvaluate(trust, &trustResult); } CFRelease(trust); // OK, now we're done with it [self printLogToConsole:[NSString stringWithFormat:@"trustResult: %d\n", trustResult]]; /* http://developer.apple.com/library/mac/#qa/qa1360/_index.html */ BOOL trusted = (err == noErr) && ((trustResult == kSecTrustResultProceed) || (trustResult == kSecTrustResultConfirm) || (trustResult == kSecTrustResultUnspecified)); // Return based on whether we decided to trust or not if (trusted) { [[challenge sender] useCredential:credential forAuthenticationChallenge:challenge]; [self printLogToConsole:@"Success! Trust validation successful."]; } else { [self printLogToConsole:@"Failed! Trust evaluation failed for service root certificate.\n"]; [[challenge sender] cancelAuthenticationChallenge:challenge]; } 

}

但是我得到以下错误：

 2012-06-11 17:10:12.541 SecureLogin[3424:f803] Error during connection: Error Domain=NSURLErrorDomain Code=-1012 "The operation couldn't be completed. (NSURLErrorDomain error -1012.)" UserInfo=0x682c790 {NSErrorFailingURLKey=https://staging.esecure.url/authentication/signin/merchants, NSErrorFailingURLStringKey=https://staging.esecure.url/authentication/signin/merchants} 

我正在使用从服务器获得的相同证书，并将其转换为“der”格式。 我正在构buildiOS 5.x的应用程序。 我不确定我是否错过了某些东西。 让我知道你的build议。

谢谢。

编辑在此处检查证书后，输出如何显示：

让我知道如果有什么问题。

谢谢。

 success = NO; pServerCert = SecTrustGetLeafCertificate(trust); if (clientCert != NULL) { CFDataRef clientCertData; CFDataRef serverCertData; clientCertData = SecCertificateCopyData(clientCert); serverCertData = SecCertificateCopyData(pServerCert); assert(clientCertData != NULL); assert(serverCertData != NULL); success = CFEqual(clientCertData, serverCertData); CFRelease(clientCertData); CFRelease(serverCertData); } if (success) { [[challenge sender] useCredential:credential forAuthenticationChallenge:challenge]; [self printLogToConsole:@"Success! Trust validation successful."]; } else { [self printLogToConsole:@"Failed! Trust evaluation failed for service root certificate.\n"]; [[challenge sender] cancelAuthenticationChallenge:challenge]; } 

• 上传PDF文件（从文档目录）通过Web服务在iPhone？
• iOS发布到Facebook应用程序墙上

• 无法将企业应用安装到未注册UUID的设备上
• RxSwift和警报
• 我如何使用正则expression式来引用一个语句
• Xcode 5到Xcode 4项目运行
• 一年中两个NSDates之间的天数很快
• 每周在特定的date和时间发出通知
• 为什么我停止使用情节提要和Interface Builder
• 如何将mov转换为MP4设备上的iOS
• LandScape /人像尺寸与iOS不同