通过 Alamofire 和自签名证书保护 JSON 请求
Secure JSON Request via Alamofire and Self-Signed Certificates
我希望我的 swift 应用允许在 node.js 上发送 https 请求,然后发送 postgre 以避免“中间人”。
1. 从浏览器运行正常。
2. 从本地 Mac OS 它工作正常。
3. 但是从 iOS 应用程序它根本不起作用 - 错误 9843
Swift代码:
import Foundation
import Alamofire
class NetworkManager {
static let sharedInstance = NetworkManager()
let manager: Alamofire.SessionManager = {
let serverTrustPolicies: [String: ServerTrustPolicy] = [
"https://sensemp.ru:51342/employee/req": .pinCertificates(
certificates: ServerTrustPolicy.certificates(),
validateCertificateChain: true,
validateHost: true),
"sensemp.ru:51342/employee/req": .disableEvaluation
]
let configuration = URLSessionConfiguration.default
configuration.httpAdditionalHeaders = Alamofire.SessionManager.defaultHTTPHeaders
return Alamofire.SessionManager(
configuration: configuration,
serverTrustPolicyManager: ServerTrustPolicyManager(policies: serverTrustPolicies)
)
}()
}
和视图控制器:
override func viewDidLoad() {
super.viewDidLoad()
//...
NetworkManager.sharedInstance.manager.request("https://sensemp.ru:51342/employee/req", method: .get).responseJSON{ response in
switch response.result {
case .success(let value):
let json = JSON(value)
print("JSON: \(json)")
case .failure(let error):
print(error)
}
}
}
问题在于使用自签名证书。
2020-05-06 22:21:21.256942+0300 AlamofireExample[32310:690636] Connection 1: default TLS Trust evaluation failed(-9843)
2020-05-06 22:21:21.257176+0300 AlamofireExample[32310:690636] Connection 1: TLS Trust encountered error 3:-9843
2020-05-06 22:21:21.257331+0300 AlamofireExample[32310:690636] Connection 1: encountered error(3:-9843)
Apple 对此有何评论
我的自签名证书有什么问题?
从 apple 开发团队找到相同的案例和答案:
https://forums.developer.apple.com/thread/42555
所以 TLSTool ./TLSTool s_client -connect sensemp.ru:51342 说我:
输入流确实打开了
输出流确实打开了
输出流有space
协议:TLS 1.2
密码:ECDHE_RSA_WITH_AES_128_GCM_SHA256
信任结果:继续
证书信息:
0 + rsaEncryption 2048 sha256-with-rsa-signature 'sensemp.ru'
如何解决这个问题?
P.S.: Mac OS 卡特琳娜 10.15.4 | iOS13.4.1 | nginx/1.17.9 | PostgreSQL 12 | SSL
提前致谢
let manager: Alamofire.SessionManager = {
let serverTrustPolicies: [String: ServerTrustPolicy] = [
"https://sensemp.ru": .pinCertificates(
certificates: ServerTrustPolicy.certificates(),
validateCertificateChain: true,
validateHost: true),
"sensemp.ru": .disableEvaluation
]
- 将主机的 IP 添加到证书 DNS 部分
我希望我的 swift 应用允许在 node.js 上发送 https 请求,然后发送 postgre 以避免“中间人”。 1. 从浏览器运行正常。 2. 从本地 Mac OS 它工作正常。 3. 但是从 iOS 应用程序它根本不起作用 - 错误 9843
Swift代码:
import Foundation
import Alamofire
class NetworkManager {
static let sharedInstance = NetworkManager()
let manager: Alamofire.SessionManager = {
let serverTrustPolicies: [String: ServerTrustPolicy] = [
"https://sensemp.ru:51342/employee/req": .pinCertificates(
certificates: ServerTrustPolicy.certificates(),
validateCertificateChain: true,
validateHost: true),
"sensemp.ru:51342/employee/req": .disableEvaluation
]
let configuration = URLSessionConfiguration.default
configuration.httpAdditionalHeaders = Alamofire.SessionManager.defaultHTTPHeaders
return Alamofire.SessionManager(
configuration: configuration,
serverTrustPolicyManager: ServerTrustPolicyManager(policies: serverTrustPolicies)
)
}()
}
和视图控制器:
override func viewDidLoad() {
super.viewDidLoad()
//...
NetworkManager.sharedInstance.manager.request("https://sensemp.ru:51342/employee/req", method: .get).responseJSON{ response in
switch response.result {
case .success(let value):
let json = JSON(value)
print("JSON: \(json)")
case .failure(let error):
print(error)
}
}
}
问题在于使用自签名证书。
2020-05-06 22:21:21.256942+0300 AlamofireExample[32310:690636] Connection 1: default TLS Trust evaluation failed(-9843)
2020-05-06 22:21:21.257176+0300 AlamofireExample[32310:690636] Connection 1: TLS Trust encountered error 3:-9843
2020-05-06 22:21:21.257331+0300 AlamofireExample[32310:690636] Connection 1: encountered error(3:-9843)
Apple 对此有何评论
我的自签名证书有什么问题?
从 apple 开发团队找到相同的案例和答案:
https://forums.developer.apple.com/thread/42555
所以 TLSTool ./TLSTool s_client -connect sensemp.ru:51342 说我:
输入流确实打开了
输出流确实打开了
输出流有space
协议:TLS 1.2
密码:ECDHE_RSA_WITH_AES_128_GCM_SHA256
信任结果:继续
证书信息:
0 + rsaEncryption 2048 sha256-with-rsa-signature 'sensemp.ru'
如何解决这个问题?
P.S.: Mac OS 卡特琳娜 10.15.4 | iOS13.4.1 | nginx/1.17.9 | PostgreSQL 12 | SSL
提前致谢
let manager: Alamofire.SessionManager = {
let serverTrustPolicies: [String: ServerTrustPolicy] = [
"https://sensemp.ru": .pinCertificates(
certificates: ServerTrustPolicy.certificates(),
validateCertificateChain: true,
validateHost: true),
"sensemp.ru": .disableEvaluation
]
- 将主机的 IP 添加到证书 DNS 部分