注:调用SecTrustSetAnchorCertificates设置可信任证书列表后就只会在设置的列表中进行验证,会屏蔽掉系统原本的信任列表,要使系统的继续起作用只要调用SecTrustSetAnchorCertificates方法,第二个参数设置成NO即可。
AFNetworking中应该是这句(个人见解望指正)
SecTrustSetAnchorCertificatesOnly(serverTrust,NO);
第2种
#import "HttpManager.h"
#import "AFHTTPSessionManager.h"
@interface HttpManager()
@property(nonatomic,retain)AFHTTPSessionManager *manager;
@end
@implementation HttpManager
+(instancetype)shareHttpManager{
static dispatch_once_t onece = 0;
static HttpManager *httpManager = nil;
dispatch_once(&onece, ^(void){
httpManager = [[self alloc]init];
});
return httpManager;
}
//https访问
-(void)post:(NSString *)url withParameters:(id)parameters success:(void (^)(NSURLSessionDataTask * _Nonnull task, id _Nullable responseObject))success failure:(void (^)(NSURLSessionDataTask * _Nullable task, NSError * _Nonnull error))failure {
FSecurityPolicy分三种验证模式:
1、AFSSLPinningModeNone:只验证证书是否在新人列表中
2、AFSSLPinningModeCertificate:验证证书是否在信任列表中,然后再对比服务端证书和客户端证书是否一致
3、 AFSSLPinningModePublicKey:只验证服务端与客户端证书的公钥是否一致
这里我们选第二种模式,并且对AFSecurityPolicy的allowInvalidCertificates和 validatesDomainName进行设置。
AFSecurityPolicy *securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeCertificate];
// securityPolicy = [AFSecurityPolicy defaultPolicy];
//allowInvalidCertificates 是否允许无效证书(也就是自建的证书),默认为NO