對於https 使用自簽名證書,我有以下幾個問題:
1.網路上看的資料對於自簽名證書都需要在客戶端倒入證書,然後驗證證書的,如果不驗證證書,直接使用發過來的發過來的憑證進行通信有什麼風險和問題?
- (void)connection:(NSURLConnection *)connection willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
//1)获取trust object
SecTrustRef trust = challenge.protectionSpace.serverTrust;
NSURLCredential *cred = [NSURLCredential credentialForTrust:trust];
[challenge.sender useCredential:cred forAuthenticationChallenge:challenge];
}我常在網路上看到這樣一段程式碼,你覺得這段程式碼是怎麼驗證的?
NSURLSessionAuthChallengeDisposition disposition = NSURLSessionAuthChallengePerformDefaultHandling;
__block NSURLCredential *credential = nil;
if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
disposition = NSURLSessionAuthChallengeUseCredential;
credential = [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust];
} else {
disposition = NSURLSessionAuthChallengePerformDefaultHandling;
}
if (completionHandler) {
completionHandler(disposition, credential);
}
曾经蜡笔没有小新2017-05-02 09:40:04
1、不驗證證書,直接請求都是有問題的哦
2、那邊是先判斷其證書伺服器是否可信的,然後再對證書做出相應的的處理方式。具體的可看 iOS HTTPs。