无法建立安全连接

Question

使用：Alamofire 5，self-signed certificate。

证书存储在应用程序资源中。

AlamofireExtension(Bundle.main).certificates -返回它。

会话

    private let session: Session = {
        let manager = ServerTrustManager(evaluators: ["com.my.host.here": PinnedCertificatesTrustEvaluator(certificates: AlamofireExtension(Bundle.main).certificates, acceptSelfSignedCertificates: true, performDefaultValidation: false, validateHost: false)])
        let config = URLSessionConfiguration.default
        config.timeoutIntervalForRequest = 60
        config.timeoutIntervalForResource = 60
        config.httpMaximumConnectionsPerHost = 2
        return Session(configuration: config, serverTrustManager: manager)
    }()   

.plist配置：

​

目的是使用自签名证书来验证服务器，而不禁用验证并允许不安全的连接。

Note com.my.host.here不是我的真实主机名，我更改它是出于隐私原因。

这里的结果是：

Task <715E277D-6BAA-4926-91AA-1060903D2924>.<1> HTTP load failed, 0/0 bytes (error code: -1200 [3:-9802])   

my_app[12152:5481718] Task <715E277D-6BAA-4926-91AA-1060903D2924>.<1> finished with error [-1200] Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, NSErrorPeerCertificateChainKey=(
    "<cert(0x160039a00) s: com.my.host.here i: com.my.host.here>"
), NSErrorClientCertificateStateKey=0, NSErrorFailingURLKey=https://com.my.host.here:8043/some_end_point_here, NSErrorFailingURLStringKey=https://com.my.host.here:8043/some_end_point_here, NSUnderlyingError=0x281354870 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x282f35320>, _kCFNetworkCFStreamSSLErrorOriginalValue=-9802, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9802, kCFStreamPropertySSLPeerCertificates=(
    "<cert(0x160039a00) s: com.my.host.here i: com.my.host.here>"
)}}, _NSURLErrorRelatedURLSessionTaskErrorKey=(
    "LocalDataTask <715E277D-6BAA-4926-91AA-1060903D2924>.<1>"
), _kCFStreamErrorCodeKey=-9802, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <715E277D-6BAA-4926-91AA-1060903D2924>.<1>, NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0x282f35320>, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made.}

问题是：问题是什么？这是证书的问题还是服务器端设置的问题？也许还有别的事？

Answer 1

您需要将NSExceptionAllowsInsecureHTTPLoads更改为YES。

NSExceptionAllowsInsecureHTTPLoads 将此键的值设置为“是”，以允许给定域的不安全HTTP负载，或能够放松服务器对指向域的HTTPS连接的信任评估要求，如执行手动服务器信任身份验证所述。