ios - https 使用自签名证书的问题
漂亮男人
漂亮男人 2017-05-02 09:38:04
0
1
1008

对于https 使用自签名证书,我有如下几个疑问:

1.网上看的资料对于自签名证书都需要在客户端倒入证书,然后验证证书的,如果不验证证书,直接使用发过来的发过来的凭证进行通信有什么风险和问题?

- (void)connection:(NSURLConnection *)connection willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
    //1)获取trust object
    SecTrustRef trust = challenge.protectionSpace.serverTrust;
    NSURLCredential *cred = [NSURLCredential credentialForTrust:trust];
        [challenge.sender useCredential:cred forAuthenticationChallenge:challenge];
  }
  1. 我经常在网上看到这样一段代码,你觉得这段代码是怎样验证的?

 NSURLSessionAuthChallengeDisposition disposition = NSURLSessionAuthChallengePerformDefaultHandling;
    __block NSURLCredential *credential = nil;
    if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
        disposition = NSURLSessionAuthChallengeUseCredential;
        credential = [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust];
    } else {
        disposition = NSURLSessionAuthChallengePerformDefaultHandling;
    }
    
    if (completionHandler) {
        completionHandler(disposition, credential);
    }
漂亮男人
漂亮男人

reply all(1)
曾经蜡笔没有小新

1. Direct requests without verifying the certificate are problematic.
2. The other side first determines whether the certificate server is trustworthy, and then handles the certificate accordingly. See iOS HTTPs for details.

Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template