2011-12-19 49 views
0

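Blocking self-signed SSL certificates in iOS 5

I use code that performs basic HTTP authentication, see below. This works fine in iOS 5. But now we changed the protocol to https, and we used a fake self-signed certificate. It also worked! This looks insecure. Does anyone know whether you need to do something in this method to prevent certain certificates from being accepted?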

- (void)connection:(NSURLConnection *)connection
willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
    // Every challenge, whatever its authentication method, is answered
    // with the user name and password.
    if ([challenge previousFailureCount] <= maxRetryCount) {
        NSURLCredential *newCredential =
            [NSURLCredential credentialWithUser:userName
                                       password:password
                                    persistence:NSURLCredentialPersistenceForSession];

        [[challenge sender] useCredential:newCredential
               forAuthenticationChallenge:challenge];
    } else {
        NSLog(@"Failure count %ld", (long)[challenge previousFailureCount]);
        // Resolve the challenge so the connection does not wait indefinitely.
        [[challenge sender] cancelAuthenticationChallenge:challenge];
    }
}

Answers

1

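It seems I found the answer myself. This blocks invalid certificates. I still have to test whether it works when logging in with a valid certificate.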

- (void)connection:(NSURLConnection *)connection
willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
    if ([[[challenge protectionSpace] authenticationMethod] isEqualToString:@"NSURLAuthenticationMethodServerTrust"]) {
        // Server certificate challenge: let the system run its default
        // trust evaluation instead of answering with a password.
        [[challenge sender] performDefaultHandlingForAuthenticationChallenge:challenge];
    } else {
        if ([challenge previousFailureCount] <= maxRetryCount) {
            NSURLCredential *newCredential =
                [NSURLCredential credentialWithUser:userName
                                           password:password
                                        persistence:NSURLCredentialPersistenceForSession];

            [[challenge sender] useCredential:newCredential
                   forAuthenticationChallenge:challenge];
        } else {
            NSLog(@"Failure count %ld", (long)[challenge previousFailureCount]);
            // Resolve the challenge so the connection does not wait indefinitely.
            [[challenge sender] cancelAuthenticationChallenge:challenge];
        }
    }
}
+2

Note that there is a proper 'NSURLAuthenticationMethodServerTrust' constant that should be used instead – 2012-11-10 20:29:39
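
The same delegate method with the server-trust decision made explicit and the password restricted to HTTP Basic/Digest challenges from one HTTPS host, as an added example that is not part of the original question, answer or comment. The class name `StrictAuthDelegate` and its `expectedHost` property are hypothetical; `userName`, `password` and `maxRetryCount` mirror the variables in the posted code, and `SecTrustEvaluate` is used because it is the call available on the iOS 5 SDK the page targets.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>
// Hypothetical delegate (not from the page). The caller is assumed to set
// userName, password, expectedHost and maxRetryCount before starting the connection.
@interface StrictAuthDelegate : NSObject <NSURLConnectionDelegate>
@property (nonatomic, copy) NSString *userName;
@property (nonatomic, copy) NSString *password;
@property (nonatomic, copy) NSString *expectedHost;
@property (nonatomic, assign) NSInteger maxRetryCount;
@end

@implementation StrictAuthDelegate
- (void)connection:(NSURLConnection *)connection
willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
    NSURLProtectionSpace *space = [challenge protectionSpace];
    NSString *method = [space authenticationMethod];

    if ([method isEqualToString:NSURLAuthenticationMethodServerTrust]) {
        // Evaluate the presented chain with the policies attached by the URL
        // loading system; an untrusted self-signed certificate does not pass.
        SecTrustResultType result = kSecTrustResultInvalid;
        OSStatus status = SecTrustEvaluate([space serverTrust], &result);
        BOOL trusted = (status == errSecSuccess) &&
            (result == kSecTrustResultUnspecified || result == kSecTrustResultProceed);
        if (trusted) {
            [[challenge sender] useCredential:[NSURLCredential credentialForTrust:[space serverTrust]]
                   forAuthenticationChallenge:challenge];
        } else {
            NSLog(@"Rejected server trust for %@ (result %d)", [space host], (int)result);
            [[challenge sender] cancelAuthenticationChallenge:challenge];
        }
        return;
    }
    // The password is only sent for Basic/Digest challenges that come from
    // the expected host over HTTPS; a nil host never matches.
    BOOL passwordMethod = [method isEqualToString:NSURLAuthenticationMethodHTTPBasic] ||
                          [method isEqualToString:NSURLAuthenticationMethodHTTPDigest];
    BOOL safeTarget = [[space protocol] isEqualToString:NSURLProtectionSpaceHTTPS] &&
        [[[space host] lowercaseString] isEqualToString:[self.expectedHost lowercaseString]];
    if (passwordMethod && safeTarget && [challenge previousFailureCount] <= self.maxRetryCount) {
        NSURLCredential *credential = [NSURLCredential credentialWithUser:self.userName
            password:self.password persistence:NSURLCredentialPersistenceForSession];
        [[challenge sender] useCredential:credential forAuthenticationChallenge:challenge];
    } else {
        NSLog(@"Failure count %ld", (long)[challenge previousFailureCount]);
        [[challenge sender] cancelAuthenticationChallenge:challenge];
    }
}
@end
```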