invalidate the HTTPS certificate
来源:互联网 发布:excel换行快捷键 mac 编辑:程序博客网 时间:2024/05/02 09:00
What happens when you try to connect to an HTTPS webserver which hasan invalid SSL certificate? For example when the hostname of thewebsite is not the same as the one in the SSL certificate.
With a browser (Safari or Firefox), you get an alert like the following:
If you try to connect to this webserverusing NSURLConnection (Cocoa) or CFReadStream (Carbon), you get anerror. In Cocoa, NSURLConnection fails with an error -1202(NSURLErrorServerCertificateUntrusted). In Carbon, CFReadStreamReadreturns -1, which means no data have been received.
The right way to fix this issue, is of course to create a new SSLcertificate with the right hostname inside. But sometimes, it’s notyour webserver and you don’t really care if the certificate is valid ornot because you don’t send sensitive data. In that case, there is aneasy way to just ignore the certificate.
With Carbon
If you are developing with Carbon, you canset some properties to the CFReadStream. To ignore the SSL certificate,you can simply set the property kCFStreamSSLValidatesCertificateChainof the CFReadStream to false. The following sample do a POST request
code:
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Created by Alexandre Colucci on 23/07/2008.
// Copyright 2008 Alexandre Colucci. All rights reserved.
int main(int argc, char* argv[])
{
// The URL of the Webserver
CFURLRef myWebserverURLRef = CFURLCreateWithString(kCFAllocatorDefault, CFSTR("https://myWebserver.com/"), NULL);
if(myWebserverURLRef != NULL)
{
// Create the HTTP message
CFHTTPMessageRef theMessageRef = CFHTTPMessageCreateRequest(kCFAllocatorDefault, CFSTR("POST"), myWebserverURLRef, kCFHTTPVersion1_1);
if(theMessageRef != NULL)
{
// Set useful headers
CFHTTPMessageSetHeaderFieldValue(theMessageRef, CFSTR("Accept"), CFSTR("text/xml"));
CFHTTPMessageSetHeaderFieldValue(theMessageRef, CFSTR("Content-type"), CFSTR("application/xml"));
// The body
char *theDataString = "<?xml version=/"1.0/" encoding=/"UTF-8/"?><something></something>";
CFDataRef dataRef = CFDataCreate(kCFAllocatorDefault, (const UInt8*)theDataString, strlen(theDataString));
CFHTTPMessageSetBody(theMessageRef, dataRef);
// Create the CFReadStreamRef
CFReadStreamRef streamRef = CFReadStreamCreateForHTTPRequest(kCFAllocatorDefault, theMessageRef);
if(streamRef != NULL)
{
// We don't want to validate the HTTPS certificate.
CFMutableDictionaryRef securityDictRef = CFDictionaryCreateMutable(kCFAllocatorDefault, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
if(securityDictRef != NULL)
{
CFDictionarySetValue(securityDictRef, kCFStreamSSLValidatesCertificateChain, kCFBooleanFalse);
CFReadStreamSetProperty(streamRef, kCFStreamPropertySSLSettings, securityDictRef);
CFRelease(securityDictRef);
}
// Open the stream
CFReadStreamOpen(streamRef);
// Read the data
CFIndex theBufferLength = 1024;
UInt8 theBuffer[1024];
CFIndex theBytesRead = 0;
CFMutableStringRef theMutableStringRef = CFStringCreateMutable( kCFAllocatorDefault, 0 );
do
{
theBytesRead = CFReadStreamRead(streamRef, theBuffer, theBufferLength);
if(theBufferLength > 0)
CFStringAppendCString(theMutableStringRef, (const char*)theBuffer, kCFStringEncodingASCII);
}
while(theBytesRead > 0);
if(theBytesRead < 0)
fprintf(stderr, "Host is down?/n");
else
{
fprintf(stderr, "didReceiveData: /n");
CFShow(theMutableStringRef);
}
CFRelease(theMutableStringRef);
CFRelease(streamRef);
}
CFRelease(dataRef);
CFRelease(theMessageRef);
}
CFRelease(myWebserverURLRef);
}
return 0;
}
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
With Cocoa
NSURLRequest has a private method called setAllowsAnyHTTPSCertificate:forHost: which simply ignores the certificate.
The following sample do the same POST request as the Carbon version:
code:
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
@interface NSURLRequest (DummyInterface)
+ (BOOL)allowsAnyHTTPSCertificateForHost:(NSString*)host;
+ (void)setAllowsAnyHTTPSCertificate:(BOOL)allow forHost:(NSString*)host;
@end
@implementation MainController
-(IBAction)doSomething:(id)sender
{
// The URL of the Webserver
NSURL *myWebserverURL = [NSURL URLWithString:@"https://myWebserver.com/"];
// Create the request
NSMutableURLRequest *theRequest = [NSMutableURLRequest requestWithURL:myWebserverURL cachePolicy:NSURLRequestReloadIgnoringCacheData timeoutInterval:60.0];
// Set the HTTP method.
[theRequest setHTTPMethod:@"POST"];
// Set useful headers
[theRequest setValue:@"text/xml" forHTTPHeaderField:@"Accept"];
[theRequest setValue:@"application/xml" forHTTPHeaderField:@"Content-type"];
// The body
NSString *theDataString = @"<?xml version=/"1.0/" encoding=/"UTF-8/"?><something></something>";
NSData *theData = [theDataString dataUsingEncoding:NSUTF8StringEncoding];
[theRequest setHTTPBody:theData];
// Use the private method setAllowsAnyHTTPSCertificate:forHost:
// to not validate the HTTPS certificate.
[NSURLRequest setAllowsAnyHTTPSCertificate:YES forHost:[myWebserverURL host]];
// Create the NSURLConnection and init the request.
[[NSURLConnection alloc] initWithRequest:theRequest delegate:self];
}
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
- invalidate the HTTPS certificate
- Android - WebView 加载 Https 出现 SSL Error. Failed to validate the certificate chain
- Webdriver - IE security certificate when access https
- Webdriver - IE security certificate when access https
- Expiry of the Debug Certificate
- 证书链(The Certificate Chains)
- 证书链(The Certificate Chains)
- 证书链(The Certificate Chains)
- Unable to find manifest signing certificate in the certificate store.
- Unable to find manifest signing certificate in the certificate store
- Invalidate
- Invalidate()
- Invalidate()
- Invalidate
- Invalidate
- Invalidate
- Invalidate()
- invalidate()
- 1_1 一个简单的XML案例
- static的全部用法
- 手机接收的PDU串的分析(包含7-bit和UCS2解码,超长短信解释)
- WINCE6: MFC支持
- 使用 PHP 开发基于 Web 服务的应用程序
- invalidate the HTTPS certificate
- django 文件上传
- 在Asp.net中建立Microsoft.Office.Interop.Word.Application时出现“拒绝访问”错误的解决方法
- 服务器配置系列之一 Install apache2 on linux
- 如何去掉: warning C4996:
- iphone http send request(two mode)
- 正确解析Unicode编码和Java char
- C#中的接口
- Carbon 與 Cocoa 介紹