2011-12-19 59 views
0

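Blocking self-signed SSL certificates in iOS 5

I am using code that performs basic HTTP authentication, see below. This works fine in iOS 5. But now we have changed the protocol to https, and we used a fake self-signed certificate. It also works! This looks insecure. Does anyone know whether you need to do something in this method to prevent certain certificates from being accepted?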

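    // NSURLConnection delegate callback, invoked for every authentication challenge.
    // It does not look at the challenge's authentication method.
    - (void)connection:(NSURLConnection *)connection
        willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {

        if ([challenge previousFailureCount] <= maxRetryCount) {
            // Answer the challenge with the stored user name and password.
            NSURLCredential *newCredential =
                [NSURLCredential credentialWithUser:userName
                                           password:password
                                        persistence:NSURLCredentialPersistenceForSession];

            [[challenge sender] useCredential:newCredential
                   forAuthenticationChallenge:challenge];
        } else {
            // previousFailureCount is an NSInteger, so cast it for the format string.
            NSLog(@"Failure count %ld", (long)[challenge previousFailureCount]);
            // Too many failures: the delegate must still answer the challenge.
            [[challenge sender] cancelAuthenticationChallenge:challenge];
        }
    }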

Answers

1

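It looks like I found the answer myself. This blocks invalid certificates. I still have to test whether it works when logging in with a valid certificate.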

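    - (void)connection:(NSURLConnection *)connection
        willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {

        if ([[[challenge protectionSpace] authenticationMethod]
                isEqualToString:@"NSURLAuthenticationMethodServerTrust"]) {
            // Server certificate challenge: let the system apply its default
            // trust evaluation instead of answering with a password credential.
            [[challenge sender] performDefaultHandlingForAuthenticationChallenge:challenge];
        } else {
            if ([challenge previousFailureCount] <= maxRetryCount) {
                // Any other challenge: answer with the stored user name and password.
                NSURLCredential *newCredential =
                    [NSURLCredential credentialWithUser:userName
                                               password:password
                                            persistence:NSURLCredentialPersistenceForSession];

                [[challenge sender] useCredential:newCredential
                       forAuthenticationChallenge:challenge];
            } else {
                // previousFailureCount is an NSInteger, so cast it for the format string.
                NSLog(@"Failure count %ld", (long)[challenge previousFailureCount]);
                // Too many failures: the delegate must still answer the challenge.
                [[challenge sender] cancelAuthenticationChallenge:challenge];
            }
        }
    }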
+2

Note that there is a proper 'NSURLAuthenticationMethodServerTrust' constant that should be used instead – 2012-11-10 20:29:39
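
An added example, not part of the original question or answer: the same delegate callback with the server-trust decision made explicitly, so a rejected certificate is logged and the challenge cancelled. The class name TrustCheckingDelegate and the helper ServerTrustIsValid are hypothetical; challenges other than server trust are left to default handling here, where the answer's password branch would go.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical helper (not from the post): YES only when system trust
// evaluation accepts the certificate chain the server presented.
static BOOL ServerTrustIsValid(NSURLProtectionSpace *space) {
    SecTrustRef trust = [space serverTrust];
    if (trust == NULL) {
        return NO;
    }
    SecTrustResultType result = kSecTrustResultInvalid;
    // SecTrustEvaluate fits the iOS 5 era of the post; later SDKs
    // provide SecTrustEvaluateWithError for the same purpose.
    if (SecTrustEvaluate(trust, &result) != errSecSuccess) {
        return NO;
    }
    // Proceed: the user explicitly trusted this certificate.
    // Unspecified: evaluation succeeded with no explicit user setting.
    // Any other result, which includes a failed evaluation, is rejected.
    return result == kSecTrustResultProceed ||
           result == kSecTrustResultUnspecified;
}

// Hypothetical delegate class for illustration.
@interface TrustCheckingDelegate : NSObject <NSURLConnectionDelegate>
@end

@implementation TrustCheckingDelegate

- (void)connection:(NSURLConnection *)connection
    willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
    NSURLProtectionSpace *space = [challenge protectionSpace];
    if ([[space authenticationMethod]
            isEqualToString:NSURLAuthenticationMethodServerTrust]) {
        if (ServerTrustIsValid(space)) {
            NSURLCredential *cred =
                [NSURLCredential credentialForTrust:[space serverTrust]];
            [[challenge sender] useCredential:cred
                   forAuthenticationChallenge:challenge];
        } else {
            NSLog(@"Rejected untrusted certificate for %@", [space host]);
            [[challenge sender] cancelAuthenticationChallenge:challenge];
        }
        return;
    }
    // Other challenge types: the user name/password branch belongs here.
    [[challenge sender] performDefaultHandlingForAuthenticationChallenge:challenge];
}

@end
```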