HTTPDNS for iOS: Error Code=-1202 The certificate for this server is invalid

更新时间:
复制 MD 格式

Problem description

The HTTPDNS SDK for iOS returns an error similar to the following message.

Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “XX.XX.XX.XX” (IP address), which could put your confidential information at risk, or NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9843)"

Cause

The security certificate is self-signed and not authenticated by a trusted authority.

Solution

In the certificate verification step, modify the content as follows.

Objective-C- (BOOL)evaluateServerTrust:(SecTrustRef)serverTrust                  forDomain:(NSString *)domain {    serverTrust = AFChangeHostForTrust(serverTrust,domain);    /*     * Create a certificate validation policy.     */    NSMutableArray *policies = [NSMutableArray array];    if (domain) {        [policies addObject:(__bridge_transfer id) SecPolicyCreateSSL(true, (__bridge CFStringRef) domain)];    } else {        [policies addObject:(__bridge_transfer id) SecPolicyCreateBasicX509()];    }    /*     * Attach the validation policy to the server-side certificate.     */    SecTrustSetPolicies(serverTrust, (__bridge CFArrayRef) policies);    /*     * Evaluate whether the current serverTrust is trusted.     * Apple recommends that serverTrust can be authenticated if result = kSecTrustResultUnspecified or kSecTrustResultProceed. https://developer.apple.com/library/ios/technotes/tn2232/_index.html     * For more information about SecTrustResultType, see SecTrust.h.     */    SecTrustResultType result;    SecTrustEvaluate(serverTrust, &result);    if (result == kSecTrustResultRecoverableTrustFailure) {        CFDataRef errDataRef = SecTrustCopyExceptions(serverTrust);        SecTrustSetExceptions(serverTrust, errDataRef);        SecTrustEvaluate(serverTrust, &result);    }    return (result == kSecTrustResultUnspecified || result == kSecTrustResultProceed);}

The following content is new.

Objective-Cif (result == kSecTrustResultRecoverableTrustFailure)    {        CFDataRef errDataRef = SecTrustCopyExceptions(serverTrust);        SecTrustSetExceptions(serverTrust, errDataRef);        SecTrustEvaluate(serverTrust, &trustResult);    }

More information

To understand why this code is added to the SDK, see the following documents:

Applies to

  • HTTPDNS