https/tcp ssh/tls

针对非自建证书 AFN中调整https的处理方法


// https 处理
+ (AFSecurityPolicy*)customSecurityPolicy {
    // 证书
    NSString *cerPath = [[NSBundle mainBundle] pathForResource:@"server" ofType:@"cer"];//证书的路径
    NSData *certData = [NSData dataWithContentsOfFile:cerPath];
    // AFSSLPinningModeCertificate 使用证书验证模式
    AFSecurityPolicy *securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeNone];
    
    // 如果是需要验证自建证书,需要设置为YES
    securityPolicy.allowInvalidCertificates = NO;
    
    //validatesDomainName 是否需要验证域名,默认为YES;
    //如置为NO,建议自己添加对应域名的校验逻辑。
    securityPolicy.validatesDomainName = NO;
    securityPolicy.pinnedCertificates = [NSSet setWithObjects:certData, nil];
    return securityPolicy;
}

GCDAsyncSocket中 TLS调整

正对自建证书使用以下方案

stackoverflow回答

非自建证书

用以下替换


- (void)socket:(GCDAsyncSocket *)sock didReceiveTrust:(SecTrustRef)trust completionHandler:(void (^)(BOOL shouldTrustPeer))completionHandler {
    completionHandler(YES);
    return;
}

你可能感兴趣的:(https/tcp ssh/tls)