在 iOS 5.0/5.0.1 上使用 SSL 的 ASIHTTPRequest 失败

Question

我正在使用 ASIHTTPRequest v1.8.1 发出 HTTPS 请求。问题是它不能在 iOS 5.0 和 5.0.1 上运行，而在 5.1 和 5.1.1 上它运行良好。代码很简单：

__block ASIFormDataRequest *request = [ASIFormDataRequest requestWithURL:[NSURL URLWithString:RemoteNotiURL]];
[request setPostValue:@"i" forKey:@"plat"];
[request setPostValue:token forKey:@"token"];
[request setValidatesSecureCertificate:NO];

[request setCompletionBlock:^{
    NSLog(@"done");
}];

[request setFailedBlock:^{
    NSLog(@"error = %@", [request error]);

}];

[request startAsynchronous];

RemoteNotiURL 是一个类似https://xxx.example.com 的 URL

错误是：

error = Error Domain=ASIHTTPRequestErrorDomain Code=1 "A connection failure occurred: SSL problem (Possible causes may include a bad/expired/self-signed certificate, clock set to wrong date)" UserInfo=0x18460b0 {NSUnderlyingError=0x1853ab0 "The operation couldn’t be completed. (OSStatus error -9800.)", NSLocalizedDescription=A connection failure occurred: SSL problem (Possible causes may include a bad/expired/self-signed certificate, clock set to wrong date)}

对此我能做些什么？

Answer 1

正如@JosephH 所说，解决方案涉及修改 ASIHTTPRequest.m 以更改 sslProperties 字典的 kCFStreamSSLLevel 属性。在此文件中查找评论 // Tell CFNetwork not to validate SSL certificates

在此注释下有一个 if 子句

if (![self validatesSecureCertificate]) {
        // see: http://iphonedevelopment.blogspot.com/2010/05/nsstream-tcp-and-ssl.html

        NSDictionary *sslProperties = [[NSDictionary alloc] initWithObjectsAndKeys:
                                       [NSNumber numberWithBool:YES], kCFStreamSSLAllowsExpiredCertificates,
                                       [NSNumber numberWithBool:YES], kCFStreamSSLAllowsAnyRoot,
                                       [NSNumber numberWithBool:NO],  kCFStreamSSLValidatesCertificateChain,
                                       kCFNull,kCFStreamSSLPeerName,
                                       nil];

        CFReadStreamSetProperty((CFReadStreamRef)[self readStream], 
                                kCFStreamPropertySSLSettings, 
                                (CFTypeRef)sslProperties);
        [sslProperties release];
    }

像这样修改 if 子句

if (![self validatesSecureCertificate]) {
        // see: http://iphonedevelopment.blogspot.com/2010/05/nsstream-tcp-and-ssl.html

        NSDictionary *sslProperties = [[NSDictionary alloc] initWithObjectsAndKeys:
                                       [NSNumber numberWithBool:YES], kCFStreamSSLAllowsExpiredCertificates,
                                       [NSNumber numberWithBool:YES], kCFStreamSSLAllowsAnyRoot,
                                       [NSNumber numberWithBool:NO],  kCFStreamSSLValidatesCertificateChain,
                                       kCFNull,kCFStreamSSLPeerName,
                                       @"kCFStreamSocketSecurityLevelTLSv1_0SSLv3", kCFStreamSSLLevel,
                                       nil];

        CFReadStreamSetProperty((CFReadStreamRef)[self readStream], 
                                kCFStreamPropertySSLSettings, 
                                (CFTypeRef)sslProperties);
        [sslProperties release];
    }else {
        NSDictionary *sslProperties = [[NSDictionary alloc] initWithObjectsAndKeys:
                                       [NSNumber numberWithBool:NO], kCFStreamSSLAllowsExpiredCertificates,
                                       [NSNumber numberWithBool:NO], kCFStreamSSLAllowsAnyRoot,
                                       [NSNumber numberWithBool:YES],  kCFStreamSSLValidatesCertificateChain,
                                       @"kCFStreamSocketSecurityLevelTLSv1_0SSLv3", kCFStreamSSLLevel,
                                       nil];

        CFReadStreamSetProperty((CFReadStreamRef)[self readStream], 
                                kCFStreamPropertySSLSettings, 
                                (CFTypeRef)sslProperties);
        [sslProperties release];
    }

这应该会使请求再次起作用。验证 SSL 证书和不验证 SSL 证书的请求。

在 IOS 5.0.1 和 5.1.1 上测试。

希望这会有所帮助。