一直使用NSURLConnection请求HTTP接口,现在为了安全性的考虑打算使用HTTPS。
那么怎么修改呢?
1.不需要证书验证 ps:我们使用的就是这种
1.1 直接修改HTTP为HTTPS;
1.2 确认有 "Security.framework"
1.3 修改完成,可以直接请求了。
2.需要证书验证
其他的和1是一样的,只不过需要加下面方法.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
- (
void
)connection:(NSURLConnection *)connection willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
{
static
CFArrayRef certs;
if
(!certs) {
NSData*certData =[NSData dataWithContentsOfFile:[[NSBundle mainBundle] pathForResource:@
"srca"
ofType:@
"cer"
]];
SecCertificateRef rootcert =SecCertificateCreateWithData(kCFAllocatorDefault,CFBridgingRetain(certData));
const
void
*array[
1
] = { rootcert };
certs = CFArrayCreate(NULL, array,
1
, &kCFTypeArrayCallBacks);
CFRelease(rootcert);
// for completeness, really does not matter
}
SecTrustRef trust = [[challenge protectionSpace] serverTrust];
int
err;
SecTrustResultType trustResult =
0
;
err = SecTrustSetAnchorCertificates(trust, certs);
if
(err == noErr) {
err = SecTrustEvaluate(trust,&trustResult);
}
CFRelease(trust);
BOOL trusted = (err == noErr) && ((trustResult == kSecTrustResultProceed)||(trustResult == kSecTrustResultConfirm) || (trustResult == kSecTrustResultUnspecified));
if
(trusted) {
[challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge];
}
else
{
[challenge.sender cancelAuthenticationChallenge:challenge];
}
}
|