全部产品
云市场

HttpDns iOS : 报错 Code=-1202 此服务器的证书无效

更新时间:2020-02-03 10:24:02

具体报错详情:

  1. Error Domain=NSURLErrorDomain Code=-1202 "此服务器的证书无效。您可能正在连接到一个伪装成“XX.XX.XX.XX” (IP地址 )的服务器,这会威胁到您的机密信息的安全,或者 NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9843)"
可以调整上文提到的证书校验步骤,改为如下:
  1. Objective-C
  2. - (BOOL)evaluateServerTrust:(SecTrustRef)serverTrust
  3. forDomain:(NSString *)domain {
  4. serverTrust = AFChangeHostForTrust(serverTrust,domain);
  5. /*
  6. * 创建证书校验策略
  7. */
  8. NSMutableArray *policies = [NSMutableArray array];
  9. if (domain) {
  10. [policies addObject:(__bridge_transfer id) SecPolicyCreateSSL(true, (__bridge CFStringRef) domain)];
  11. } else {
  12. [policies addObject:(__bridge_transfer id) SecPolicyCreateBasicX509()];
  13. }
  14. /*
  15. * 绑定校验策略到服务端的证书上
  16. */
  17. SecTrustSetPolicies(serverTrust, (__bridge CFArrayRef) policies);
  18. /*
  19. * 评估当前serverTrust是否可信任,
  20. * 官方建议在result = kSecTrustResultUnspecified 或 kSecTrustResultProceed
  21. * 的情况下serverTrust可以被验证通过,https://developer.apple.com/library/ios/technotes/tn2232/_index.html
  22. * 关于SecTrustResultType的详细信息请参考SecTrust.h
  23. */
  24. SecTrustResultType result;
  25. SecTrustEvaluate(serverTrust, &result);
  26. if (result == kSecTrustResultRecoverableTrustFailure) {
  27. CFDataRef errDataRef = SecTrustCopyExceptions(serverTrust);
  28. SecTrustSetExceptions(serverTrust, errDataRef);
  29. SecTrustEvaluate(serverTrust, &result);
  30. }
  31. return (result == kSecTrustResultUnspecified || result == kSecTrustResultProceed);
  32. }

注意添加了如下步骤 :

  1. Objective-C
  2. if (trustResult == kSecTrustResultRecoverableTrustFailure)
  3. {
  4. CFDataRef errDataRef = SecTrustCopyExceptions(serverTrust);
  5. SecTrustSetExceptions(serverTrust, errDataRef);
  6. SecTrustEvaluate(serverTrust, &trustResult);
  7. }