iOS之使用NSURLConnection连接HTTPS(SSL)站点

转载自：http://www.tuicool.com/articles/7FnIZv

使用 NSURLConnection 连接HTTPS站点，需要处理SSL认证， NSURLConnectionDelegate 中定义了一些方法来处理认证

– connection:canAuthenticateAgainstProtectionSpace:

– connection:didReceiveAuthenticationChallenge:

一. NSURLConnection 中处理SSL

- (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace{  return [protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust];}

如果接受任何证书

- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge{        [challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge];}

如果使用证书验证

- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge{        static CFArrayRef certs;        if (!certs) {            NSData*certData =[NSData dataWithContentsOfFile:[[NSBundle mainBundle] pathForResource:@"srca" ofType:@"cer"]];            SecCertificateRef rootcert =SecCertificateCreateWithData(kCFAllocatorDefault,CFBridgingRetain(certData));            const void *array[1] = { rootcert };            certs = CFArrayCreate(NULL, array, 1, &kCFTypeArrayCallBacks);            CFRelease(rootcert);    // for completeness, really does not matter        }        SecTrustRef trust = [[challenge protectionSpace] serverTrust];        int err;        SecTrustResultType trustResult = 0;        err = SecTrustSetAnchorCertificates(trust, certs);        if (err == noErr) {            err = SecTrustEvaluate(trust,&trustResult);        }        CFRelease(trust);        BOOL trusted = (err == noErr) && ((trustResult == kSecTrustResultProceed)||(trustResult == kSecTrustResultConfirm) || (trustResult == kSecTrustResultUnspecified));        if (trusted) {            [challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge];        }else{            [challenge.sender cancelAuthenticationChallenge:challenge];        }}

二. AFNetworking 框架中处理SSL

使用 AFURLConnectionOperation 类的下面两个方法，分别将上述代码以block方式传入即可。 
– setAuthenticationAgainstProtectionSpaceBlock: 
– setAuthenticationChallengeBlock:

参考: 
Technical Note TN2232 – HTTPS Server Trust Evaluation 
NSURLConnection Class Reference 
NSURLConnectionDelegate Protocol Reference 
How to use NSURLConnection to connect with SSL for an untrusted cert? 
NSURLConnection with Self-Signed Certificates 
iPhone SSL based NSURLConnection with your own root cert 
dhoerl / MyWebFetcher.m 
https://github.com/AFNetworking/AFNetworking/ 
AFNetworking – AFURLConnectionOperation Class Reference 
关于在UIwebView中访问HTTPS站点的几种方法