English | 简体中文 | 繁體中文 | Русский язык | Français | Español | Português | Deutsch | 日本語 | 한국어 | Italiano | بالعربية
As everyone knows, Apple has said, from2017From the beginning of the year, resources with http will be blocked and https will be strongly recommended
The author just recently converted http to https and would like to share some tips with those who haven't started yet
1.Prepare the certificate
First, get a certificate from the background (SSL certificate, usually you tell the background to set up https, and then he will give you a certificate, he will know), we need is the .cer certificate. But the background may give us the .crt certificate. We need to convert it: open the terminal -> cd to.crt certificate path -> Input openssl x509 -in your_certificate.crt -out your_certificate.cer -outform der, the certificate is ready, drag it into the project, remember to select copy.
2.Create a new class or class method
The following code is borrowed, the author himself puts it in a class called FactoryUI
//supports https
+ (AFSecurityPolicy *)customSecurityPolicy
{
//First import the certificate, find the path of the certificate
NSString *cerPath = [[NSBundle mainBundle] pathForResource:@"your_certificate_name" ofType:@"cer"];
NSData *certData = [NSData dataWithContentsOfFile:cerPath];
//AFSSLPinningModeCertificate uses certificate verification mode
AFSecurityPolicy *securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeCertificate];
//allowInvalidCertificates whether to allow invalid certificates (that is, self-signed certificates), the default is NO
//If it is necessary to verify self-signed certificates, it needs to be set to YES
securityPolicy.allowInvalidCertificates = YES;
//validatesDomainName whether to verify the domain name, the default is YES;
//If the domain name of the certificate is inconsistent with the domain name you request, you need to set this item to NO; if it is set to NO, that is, the server uses a certificate issued by another trusted institution, a connection can also be established, which is very dangerous, it is recommended to enable it.
//Set to NO, mainly used in this situation: the client requests a subdomain, while the certificate is another domain. Because the domain name on the SSL certificate is independent, if the registered domain name on the certificate is www.google.com, then mail.google.com cannot pass the verification; of course, if you have money, you can register wildcard domain names*.google.com, but this is still quite expensive.
//If set to NO, it is recommended to add the corresponding domain name validation logic yourself.
securityPolicy.validatesDomainName = NO;
NSSet *set = [[NSSet alloc] initWithObjects:certData, nil];
securityPolicy.pinnedCertificates = set;
return securityPolicy;
}
3.Modify the request of AFNetWorking (AFNetworking3Take .0 as an Example)
AFHTTPSessionManager *manager = [AFHTTPSessionManager manager]; manager.responseSerializer = [AFHTTPResponseSerializer serializer]; manager.requestSerializer.timeoutInterval = 5.0; [manager setSecurityPolicy:[FactoryUI customSecurityPolicy]];//such as2If the class method of FactoryUI is mentioned
The rest is still the same
Supplement: The App Transport Security Settings still need to be set
That's all for this article. Hope it will be helpful to everyone's learning and also hope everyone will support the Shouting Tutorial more.
Statement: The content of this article is from the Internet, and the copyright belongs to the original author. The content is contributed and uploaded by Internet users spontaneously. This website does not own the copyright, has not been manually edited, and does not assume relevant legal liability. If you find any content suspected of copyright infringement, please send an email to: notice#oldtoolbag.com (When reporting via email, please replace # with @) for reporting, and provide relevant evidence. Once verified, this site will immediately delete the infringing content.