任何信息将不胜感激!!
编辑:
所以我目前正在使用红蜘蛛来试试这个.我有证书设置.这是我到目前为止尝试的代码
public struct IdentityAndTrust {
public var identityRef:SecIdentity
public var trust:SecTrust
public var certData : Data
}
var socket = WebSocket(url: URL(string: "\(ConstantKeys.ipAddress)")!,protocols: [])
var identityTest : IdentityAndTrust?
func createTrust()
{
do
{
let urlPath = Bundle.main.path(forResource: "client",ofType: "p12")
let url = NSURL.fileURL(withPath: urlPath!)
let certificateData = try Data(contentsOf: url)
identityTest = extractTrustAndIdentity(certData: certificateData,certPassword: ConstantKeys.password)
}
catch
{
print(error)
}
}
func extractTrustAndIdentity(certData:Data,certPassword:String) -> IdentityAndTrust
{
var identityAndTrust:IdentityAndTrust!
var securityError:Osstatus = errSecSuccess
var items: CFArray?
let certOptions: Dictionary = [ kSecImportExportPassphrase as String : certPassword ];
// import certificate to read its entries
securityError = SecPKCS12Import(certData as CFData,certOptions as CFDictionary,&items);
if securityError == errSecSuccess {
let certItems:CFArray = items as CFArray!;
let certItemsArray:Array = certItems as Array
let dict:AnyObject? = certItemsArray.first;
if let certEntry:Dictionary = dict as? Dictionary<String,AnyObject> {
// grab the identity
let identityPointer:AnyObject? = certEntry["identity"];
let secIdentityRef:SecIdentity = identityPointer as! SecIdentity!;
// grab the trust
let trustPointer:AnyObject? = certEntry["trust"];
let trustRef:SecTrust = trustPointer as! SecTrust;
// grab the certificate chain
var certRef: SecCertificate?
SecIdentitycopyCertificate(secIdentityRef,&certRef);
let certArray:NSMutableArray = NSMutableArray();
certArray.add(certRef as SecCertificate!);
identityAndTrust = IdentityAndTrust(identityRef: secIdentityRef,trust: trustRef,certData : certData);
}
}
return identityAndTrust
}
然后我像这样连接socket
let key = SecTrustcopyPublicKey(identityTest!.trust)!; let ssl = SSLCert(key: key) socket.security = SSLSecurity(certs: [ssl],usePublicKeys: false) socket.enabledSSLCipherSuites = [TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384] socket.delegate = self socket.connect()
但是我收到以下错误消息
CFNetwork SSLHandshake Failed (-9807)
TCP Conn 0x604000173980 SSLHandshake Failed (-9807) websocket is
disconnected: The operation Couldn’t be completed. (Osstatus error
-9807.)
我知道证书是有效的,因为我使用它来发出https请求,它工作正常.那么有谁知道它为什么不起作用?或者有没有人知道另一个可以帮助解决这个问题的套接字库?
解决方法
以下链接可以帮助您:
http://www.yeradis.com/swift-authentication-challenge
http://www.indelible.org/ink/trusted-ssl-certificates/
https://jetforme.org/2013/05/validating-a-self-signed-ssl-certificate-in-ios-and-os-x-against-a-changing-host-name/enter link description here
您选择的任何方法(第三方或URLSession),我建议您阅读此安全问题:
https://github.com/facebook/SocketRocket/pull/534
https://www.synopsys.com/blogs/software-security/ineffective-certificate-pinning-implementations/enter link description here
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 [email protected] 举报,一经查实,本站将立刻删除。
