In order to validate a domain name for self signed certificates, you MUST use pinning

这是AFNetWorking使用自签证书时出现的问题。
allowInvalidCertificates这个属性为YES的话是验证自建证书,但是像我们公司有钱,花钱整得https的话就NO喽。

/**这个方法真的很好,减少了网络创建的TCP的三次握手,直接复用TCP的链接
 *  所有的HTTP请求共享一个AFHTTPSessionManager,原理参考地址:http://www.jianshu.com/p/5969bbb4af9f
 *  + (void)initialize该初始化方法在当用到此类时候只调用一次
 */
+ (void)initialize
{
    _manager = [AFHTTPSessionManager manager];
    
    AFSecurityPolicy *securityPolicy = [[AFSecurityPolicy alloc] init];
    //如果是需要验证自建证书,需要设置为YES
    [securityPolicy setAllowInvalidCertificates:NO];
    [_manager setSecurityPolicy:securityPolicy];

HTTPS步骤:
1.从服务器要来 .crt格式的证书,然后用Mac钥匙串打开,然后导出 .cer格式的证书
2.把 .cer证书导入程序的 NSBundle中。

NSString *cerPath = [[NSBundle mainBundle] pathForResource:@"test" ofType:@"cer"];
NSData *cerData = [NSData dataWithContentsOfFile:cerPath];
NSSet *cerSet = [[NSSet alloc]initWithObjects:cerData, nil];
AFSecurityPolicy *securityPoliy = [AFSecurityPolicy defaultPolicy];
//allowInvalidCertificates 是否允许无效证书(也就是自建的证书),默认为NO
//如果是需要验证自建证书,需要设置为YES
securityPoliy.allowInvalidCertificates = YES;
securityPoliy.validatesDomainName = NO;
//设置证书
[securityPoliy setPinnedCertificates:cerSet];
[dxClient setSecurityPolicy:securityPoliy];

你可能感兴趣的:(In order to validate a domain name for self signed certificates, you MUST use pinning)