Problem description
The HTTPDNS SDK for iOS returns an error similar to the following message.
Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “XX.XX.XX.XX” (IP address), which could put your confidential information at risk, or NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9843)"Cause
The security certificate is self-signed and not authenticated by a trusted authority.
Solution
In the certificate verification step, modify the content as follows.
Objective-C- (BOOL)evaluateServerTrust:(SecTrustRef)serverTrust forDomain:(NSString *)domain { serverTrust = AFChangeHostForTrust(serverTrust,domain); /* * Create a certificate validation policy. */ NSMutableArray *policies = [NSMutableArray array]; if (domain) { [policies addObject:(__bridge_transfer id) SecPolicyCreateSSL(true, (__bridge CFStringRef) domain)]; } else { [policies addObject:(__bridge_transfer id) SecPolicyCreateBasicX509()]; } /* * Attach the validation policy to the server-side certificate. */ SecTrustSetPolicies(serverTrust, (__bridge CFArrayRef) policies); /* * Evaluate whether the current serverTrust is trusted. * Apple recommends that serverTrust can be authenticated if result = kSecTrustResultUnspecified or kSecTrustResultProceed. https://developer.apple.com/library/ios/technotes/tn2232/_index.html * For more information about SecTrustResultType, see SecTrust.h. */ SecTrustResultType result; SecTrustEvaluate(serverTrust, &result); if (result == kSecTrustResultRecoverableTrustFailure) { CFDataRef errDataRef = SecTrustCopyExceptions(serverTrust); SecTrustSetExceptions(serverTrust, errDataRef); SecTrustEvaluate(serverTrust, &result); } return (result == kSecTrustResultUnspecified || result == kSecTrustResultProceed);}The following content is new.
Objective-Cif (result == kSecTrustResultRecoverableTrustFailure) { CFDataRef errDataRef = SecTrustCopyExceptions(serverTrust); SecTrustSetExceptions(serverTrust, errDataRef); SecTrustEvaluate(serverTrust, &trustResult); }More information
To understand why this code is added to the SDK, see the following documents:
Applies to
HTTPDNS
该文章对您有帮助吗?