CocoaHTTPServer: configuring HTTPS support

Background

  • The iOS app uses CocoaHTTPServer to set up a local HTTP server that the local web client interacts with.
  • The page side supports HTTPS, and mixing HTTP and HTTPS web content causes request errors (an http request initiated from an https page is blocked).
  • For example, accessing the server built on iOS through https://localhost:55433 fails to receive data (the server only speaks HTTP, so a request made over https cannot find the iOS server address).

Solution

Make the HTTP server on the iOS side support HTTPS.

Configure certificates

A self-signed certificate is not trusted: the browser shows a "Not secure" warning and the user has to choose whether to continue, so I did not consider it.

As for a public certificate: because localhost and 127.0.0.1 are not unique, a public SSL certificate cannot be issued for them.
After looking for information, I found that this can be solved by pointing a domain name of your own at 127.0.0.1.

The specific steps:

For example, you own a domain name and point the subdomain local.xxxxx.cn at the server address 466.111.111.

Use FreeSSL to request a free SSL certificate for that domain name.

Finally, downloading the certificate gives you a folder of SSL certificate files for the domain name, containing the following:

(Assuming you double-click to import it, export it as cer, and then export it to PEM.)

 

Once the certificate has been issued, point the domain name at 127.0.0.1.

Use the openssl command to export a p12 file:

openssl pkcs12 -export -clcerts -in full_chain.pem -inkey private.key -out my.p12
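Before my.p12 goes into the project, the export can be checked from the same shell. This is an added example, not part of the original post: `check_p12` and `make_demo_p12` are hypothetical helper names, and the demo builds a throwaway self-signed certificate for the constructed hostname local.example.test so that it runs offline.

```shell
#!/usr/bin/env bash
# Pre-flight check for a PKCS#12 file before it is bundled into the iOS app.
# Usage: check_p12 FILE PASSWORD HOSTNAME   (returns 0 only if every check passes)
check_p12() {
  local p12=$1 pass=$2 host=$3 cert key
  # 1. The export password must open the file (the same value SecPKCS12Import is given).
  cert=$(openssl pkcs12 -in "$p12" -passin "pass:$pass" -clcerts -nokeys 2>/dev/null) \
    || { echo "FAIL: cannot open $p12 (wrong password or damaged file)"; return 1; }
  key=$(openssl pkcs12 -in "$p12" -passin "pass:$pass" -nocerts -nodes 2>/dev/null) \
    || { echo "FAIL: cannot read a private key from $p12"; return 1; }
  # 2. The leaf certificate must cover the hostname the https page will use.
  printf '%s\n' "$cert" | openssl x509 -noout -checkhost "$host" 2>/dev/null \
    | grep -q 'does match' \
    || { echo "FAIL: certificate does not cover $host"; return 1; }
  # 3. The certificate must not be expired.
  printf '%s\n' "$cert" | openssl x509 -noout -checkend 0 >/dev/null 2>&1 \
    || { echo "FAIL: certificate has expired"; return 1; }
  # 4. The private key must belong to the leaf certificate (compare public keys).
  [ "$(printf '%s\n' "$cert" | openssl x509 -noout -pubkey 2>/dev/null)" = \
    "$(printf '%s\n' "$key" | openssl pkey -pubout 2>/dev/null)" ] \
    || { echo "FAIL: private key does not match the certificate"; return 1; }
  echo "OK: $p12 opens, covers $host, is in date, and the key matches"
}

# Constructed sample input: a one-day self-signed certificate packed with the
# same export command as above. A real run checks the CA-issued my.p12 instead.
make_demo_p12() {
  local dir=$1 host=$2 pass=$3
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$host" \
    -keyout "$dir/private.key" -out "$dir/full_chain.pem" 2>/dev/null &&
  openssl pkcs12 -export -clcerts -in "$dir/full_chain.pem" \
    -inkey "$dir/private.key" -out "$dir/my.p12" -passout "pass:$pass"
}

demo=$(mktemp -d)
make_demo_p12 "$demo" local.example.test 123 &&
  check_p12 "$demo/my.p12" 123 local.example.test
rm -rf "$demo"
```

For the real file, call `check_p12 my.p12 <export password> local.xxxxx.cn`. Step 4 reads the private key using only the file and its password, both of which ship inside the app, so the key should be treated as recoverable by anyone who has the app bundle.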

iOS side configuration

First, import the exported p12 file into the project. Make sure the file itself is copied into the project rather than added as a reference.

Reference: the earlier blog post https://blog.csdn.net/u012717715/article/details/89641415

The code can be copied directly into RoutingConnection, under the Routing directory of the project.

The password is the one you set when exporting the p12 file.


- (BOOL)isSecureServer
{
    // Create an HTTPS server (all connections will be secured via SSL/TLS)
    return YES;
}

/**
 * This method is expected to return an array appropriate for use in kCFStreamSSLCertificates SSL settings.
 * It should be an array of SecCertificateRefs except for the first element in the array, which is a SecIdentityRef.
 **/
- (NSArray *)sslIdentityAndCertificates
{
    // Load the bundled PKCS#12 file; a nil path means my.p12 was not copied into the app bundle.
    NSString *thePath = [[NSBundle mainBundle] pathForResource:@"my" ofType:@"p12"];
    NSData *PKCS12Data = thePath ? [[NSData alloc] initWithContentsOfFile:thePath] : nil;
    if (PKCS12Data == nil) {
        NSLog(@"my.p12 could not be loaded from the main bundle");
        return nil;
    }

    // The passphrase must be the one set when the p12 file was exported.
    NSDictionary *options = @{ (__bridge NSString *)kSecImportExportPassphrase : @"123" };
    CFArrayRef items = NULL;

    OSStatus securityError = SecPKCS12Import((__bridge CFDataRef)PKCS12Data,
                                             (__bridge CFDictionaryRef)options,
                                             &items);
    if (securityError != errSecSuccess || items == NULL || CFArrayGetCount(items) == 0) {
        NSLog(@"Failed with error code %d", (int)securityError);
        if (items != NULL) {
            CFRelease(items);
        }
        return nil;
    }

    // The identity is owned by `items` (Get rule), so it is bridged without transferring ownership.
    CFDictionaryRef myIdentityAndTrust = CFArrayGetValueAtIndex(items, 0);
    SecIdentityRef identityRef = (SecIdentityRef)CFDictionaryGetValue(myIdentityAndTrust, kSecImportItemIdentity);

    // SecIdentityCopyCertificate follows the Copy rule, so ownership of the certificate is handed to ARC.
    SecCertificateRef certificateRef = NULL;
    NSArray *result = nil;
    if (identityRef != NULL && SecIdentityCopyCertificate(identityRef, &certificateRef) == errSecSuccess) {
        result = @[ (__bridge id)identityRef, CFBridgingRelease(certificateRef) ];
    }

    // The result array retains the identity, so the import result can be released now.
    CFRelease(items);
    return result;
}

After the above configuration, use https://local.xxxxx.cn:55433 to access the server over a secure https link; GET and POST requests work without any problems.

To sum up, if https still cannot be accessed after configuration, these are the problems you may have run into:

1. Check whether the p12 file has been imported into the project and whether the code is looking for it at the right path.

2. Make sure every request in the iOS project's code is an https request. Once the server is configured for SSL, any http request that remains will still produce an insecure-SSL condition.

3. Comment out the following segment of code in the file GCDAsyncSocket.m:

//    if (value)
//    {
//        NSAssert(NO, @"Security option unavailable - kCFStreamSSLLevel"
//                     @" - You must use GCDAsyncSocketSSLProtocolVersionMin & GCDAsyncSocketSSLProtocolVersionMax");
//
//        [self closeWithError:[self otherError:@"Security option unavailable - kCFStreamSSLLevel"]];
//        return;
//    }

Origin blog.csdn.net/u012717715/article/details/90717513