佚名通过本文主要向大家介绍了http和https的区别,http跟https的区别,http和https什么区别,http https ftp区别,http和https有何区别等相关知识,希望对您有所帮助,也希望大家支持linkedu.com www.linkedu.com
问题:http与https的区别 https 使用自签名证书的问题
描述:
解决方案1:
描述:
对于https 使用自签名证书,我有如下几个疑问:
1.网上看的资料对于自签名证书都需要在客户端倒入证书,然后验证证书的,如果不验证证书,直接使用发过来的发过来的凭证进行通信有什么风险和问题?
- (void)connection:(NSURLConnection *)connection willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
//1)获取trust object
SecTrustRef trust = challenge.protectionSpace.serverTrust;
NSURLCredential *cred = [NSURLCredential credentialForTrust:trust];
[challenge.sender useCredential:cred forAuthenticationChallenge:challenge];
}我经常在网上看到这样一段代码,你觉得这段代码是怎样验证的?
NSURLSessionAuthChallengeDisposition disposition = NSURLSessionAuthChallengePerformDefaultHandling;
__block NSURLCredential *credential = nil;
if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
disposition = NSURLSessionAuthChallengeUseCredential;
credential = [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust];
} else {
disposition = NSURLSessionAuthChallengePerformDefaultHandling;
}
if (completionHandler) {
completionHandler(disposition, credential);
}解决方案1:
1、不验证证书,直接请求都是有问题的哦
2、那边是先判断其证书服务器是否可信任的,然后再对证书做出相应的的处理方式。具体的可看 iOS HTTPs。