問(wèn)題描述

我想檢查 URL 中是否存在 SSL 證書，還想檢查其版本和驗(yàn)證類型.

I wanna check whether the SSL certificate is present in the URL also wants to check its version and validation type.

我創(chuàng)建了一個(gè)應(yīng)用程序，我在其中調(diào)用 NSURLConnection 委托方法以通過(guò)服務(wù)器發(fā)送請(qǐng)求.

I have created a application where I am calling the NSURLConnection delegate methods to send request over a server.

也使用了 "canAuthenticateAgainstProtectionSpace" 方法，但是一旦建立連接就不會(huì)調(diào)用此方法.

Also used "canAuthenticateAgainstProtectionSpace" method, but this method is not getting called once the connection is established.

我如何做到這一點(diǎn)?

推薦答案

iOS 無(wú)法提供對(duì)證書信息的非常精細(xì)的訪問(wèn)權(quán)限.您有兩個(gè)選擇:私有 API 或使用 OpenSSL 構(gòu)建您自己的評(píng)估器.

iOS does not give you very granular access to certificate information. You have two choices: private APIs or build your own evaluator with OpenSSL.

您可以在opensource 中看到私有證書功能代碼.該版本可從 SecCertificateVersion() 獲得.我不確定您所說(shuō)的驗(yàn)證類型"是什么意思.

You can see the private certificate functions in the opensource code. The version is available from SecCertificateVersion(). I'm not certain what you mean by "validation type" here.

要使用 OpenSSL 執(zhí)行此操作，您可以使用 SecCertificateCopyData() 獲取 DER 數(shù)據(jù)，然后自己解析所有內(nèi)容.

To do this with OpenSSL, you can get the DER data with SecCertificateCopyData() and then parse everything yourself.

我建議就這個(gè)問(wèn)題打開一個(gè)雷達(dá) (bugreporter.apple.com).無(wú)法訪問(wèn)有關(guān)證書的基本信息是一個(gè)嚴(yán)重的問(wèn)題.

I suggest opening a radar (bugreporter.apple.com) on this issue. The lack of access to basic information about the certificate is a serious problem.

如果您正在尋找從 NSURLConnection 中提取證書的示例代碼，請(qǐng)參閱 第 11 章示例代碼 來(lái)自 iOS:PTL:

If you're looking for sample code that extracts the certificate from the NSURLConnection, see the Chapter 11 sample code from iOS:PTL:

- (void)connection:(NSURLConnection *)connection
  willSendRequestForAuthenticationChallenge:
  (NSURLAuthenticationChallenge *)challenge
{
  NSURLProtectionSpace *protSpace = challenge.protectionSpace;
  SecTrustRef trust = protSpace.serverTrust;
  ...
    SecCertificateRef cert = SecTrustGetCertificateAtIndex(trust, 0);
  ...

此時(shí)，cert 持有您的葉子證書.

At this point, cert holds your leaf certificate.

這篇關(guān)于如何在 iOS 中檢查 SSL 證書的安全性?的文章就介紹到這了，希望我們推薦的答案對(duì)大家有所幫助，也希望大家多多支持html5模板網(wǎng)！