Merge branch 'invalid-ssl' of git://github.com/kcharwood/AFNetworking into kcharwood-invalid-ssl
This commit is contained in:
Mattt Thompson
commit
8ea42866b8
4 changed files with 48 additions and 24 deletions
|
|
@ -145,6 +145,11 @@ typedef enum {
|
|||
@property (nonatomic, assign) AFURLConnectionOperationSSLPinningMode defaultSSLPinningMode;
|
||||
#endif
|
||||
|
||||
/**
|
||||
The flag to determine if each `AFHTTPRequestOperation` that is created in `HTTPRequestOperationWithRequest` should accept an invalid SSL certificate. If `_AFNETWORKING_ALLOW_INVALID_SSL_CERTIFICATES_` is set, this property defaults to YES for backwards compatibility support. Otherwise, this property defaults to NO.
|
||||
*/
|
||||
@property (nonatomic,assign) BOOL allowInvalidSSLCertificate;
|
||||
|
||||
///---------------------------------------------
|
||||
/// @name Creating and Initializing HTTP Clients
|
||||
///---------------------------------------------
|
||||
|
|
|
|||
|
|
@ -263,6 +263,11 @@ NSArray * AFQueryStringPairsFromKeyAndValue(NSString *key, id value) {
|
|||
self.operationQueue = [[NSOperationQueue alloc] init];
|
||||
[self.operationQueue setMaxConcurrentOperationCount:NSOperationQueueDefaultMaxConcurrentOperationCount];
|
||||
|
||||
//This ifdef has been added for backwards compatibility purposes
|
||||
#ifdef _AFNETWORKING_ALLOW_INVALID_SSL_CERTIFICATES_
|
||||
self.allowInvalidSSLCertificate = YES;
|
||||
#endif
|
||||
|
||||
return self;
|
||||
}
|
||||
|
||||
|
|
@ -536,6 +541,7 @@ static void AFNetworkReachabilityReleaseCallback(const void *info) {
|
|||
#ifdef _AFNETWORKING_PIN_SSL_CERTIFICATES_
|
||||
operation.SSLPinningMode = self.defaultSSLPinningMode;
|
||||
#endif
|
||||
operation.allowInvalidSSLCertificate = self.allowInvalidSSLCertificate;
|
||||
|
||||
return operation;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -127,6 +127,11 @@ NSCoding, NSCopying>
|
|||
*/
|
||||
@property (readonly, nonatomic, strong) NSError *error;
|
||||
|
||||
/**
|
||||
The flag to determine if the connection should accept an invalid SSL certificate. If `_AFNETWORKING_ALLOW_INVALID_SSL_CERTIFICATES_` is set, this property defaults to YES for backwards compatibility support. Otherwise, this property defaults to NO.
|
||||
*/
|
||||
@property (nonatomic,assign) BOOL allowInvalidSSLCertificate;
|
||||
|
||||
///----------------------------
|
||||
/// @name Getting Response Data
|
||||
///----------------------------
|
||||
|
|
@ -280,7 +285,7 @@ NSCoding, NSCopying>
|
|||
|
||||
@param block A block object to be executed to determine whether the connection should be able to respond to a protection space's form of authentication. The block has a `BOOL` return type and takes two arguments: the URL connection object, and the protection space to authenticate against.
|
||||
|
||||
If `_AFNETWORKING_ALLOW_INVALID_SSL_CERTIFICATES_` is defined, `connection:canAuthenticateAgainstProtectionSpace:` will accept invalid SSL certificates, returning `YES` if the protection space authentication method is `NSURLAuthenticationMethodServerTrust`.
|
||||
If `allowInvalidSSLCertificate` is set to YES, `connection:canAuthenticateAgainstProtectionSpace:` will accept invalid SSL certificates, returning `YES` if the protection space authentication method is `NSURLAuthenticationMethodServerTrust`.
|
||||
*/
|
||||
- (void)setAuthenticationAgainstProtectionSpaceBlock:(BOOL (^)(NSURLConnection *connection, NSURLProtectionSpace *protectionSpace))block;
|
||||
|
||||
|
|
@ -289,7 +294,7 @@ NSCoding, NSCopying>
|
|||
|
||||
@param block A block object to be executed when the connection must authenticate a challenge in order to download its request. The block has no return type and takes two arguments: the URL connection object, and the challenge that must be authenticated.
|
||||
|
||||
If `_AFNETWORKING_ALLOW_INVALID_SSL_CERTIFICATES_` is defined, `connection:didReceiveAuthenticationChallenge:` will attempt to have the challenge sender use credentials with invalid SSL certificates.
|
||||
If `allowInvalidSSLCertificate` is set to YES, `connection:didReceiveAuthenticationChallenge:` will attempt to have the challenge sender use credentials with invalid SSL certificates.
|
||||
*/
|
||||
- (void)setAuthenticationChallengeBlock:(void (^)(NSURLConnection *connection, NSURLAuthenticationChallenge *challenge))block;
|
||||
|
||||
|
|
|
|||
|
|
@ -258,6 +258,11 @@ static inline BOOL AFStateTransitionIsValid(AFOperationState fromState, AFOperat
|
|||
|
||||
self.state = AFOperationReadyState;
|
||||
|
||||
//This ifdef has been added for backwards compatibility purposes
|
||||
#ifdef _AFNETWORKING_ALLOW_INVALID_SSL_CERTIFICATES_
|
||||
self.allowInvalidSSLCertificate = YES;
|
||||
#endif
|
||||
|
||||
return self;
|
||||
}
|
||||
|
||||
|
|
@ -606,25 +611,25 @@ willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challe
|
|||
break;
|
||||
}
|
||||
case AFSSLPinningModeNone: {
|
||||
#ifdef _AFNETWORKING_ALLOW_INVALID_SSL_CERTIFICATES_
|
||||
NSURLCredential *credential = [NSURLCredential credentialForTrust:serverTrust];
|
||||
[[challenge sender] useCredential:credential forAuthenticationChallenge:challenge];
|
||||
#else
|
||||
SecTrustResultType result = 0;
|
||||
OSStatus status = SecTrustEvaluate(serverTrust, &result);
|
||||
NSAssert(status == errSecSuccess, @"SecTrustEvaluate error: %ld", (long int)status);
|
||||
|
||||
if (result == kSecTrustResultUnspecified || result == kSecTrustResultProceed) {
|
||||
if(self.allowInvalidSSLCertificate == YES){
|
||||
NSURLCredential *credential = [NSURLCredential credentialForTrust:serverTrust];
|
||||
[[challenge sender] useCredential:credential forAuthenticationChallenge:challenge];
|
||||
} else {
|
||||
[[challenge sender] cancelAuthenticationChallenge:challenge];
|
||||
}
|
||||
#endif
|
||||
else {
|
||||
SecTrustResultType result = 0;
|
||||
OSStatus status = SecTrustEvaluate(serverTrust, &result);
|
||||
NSAssert(status == errSecSuccess, @"SecTrustEvaluate error: %ld", (long int)status);
|
||||
|
||||
if (result == kSecTrustResultUnspecified || result == kSecTrustResultProceed) {
|
||||
NSURLCredential *credential = [NSURLCredential credentialForTrust:serverTrust];
|
||||
[[challenge sender] useCredential:credential forAuthenticationChallenge:challenge];
|
||||
} else {
|
||||
[[challenge sender] cancelAuthenticationChallenge:challenge];
|
||||
}
|
||||
}
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
|
@ -633,11 +638,10 @@ willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challe
|
|||
- (BOOL)connection:(NSURLConnection *)connection
|
||||
canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace
|
||||
{
|
||||
#ifdef _AFNETWORKING_ALLOW_INVALID_SSL_CERTIFICATES_
|
||||
if ([protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
|
||||
return YES;
|
||||
if(self.allowInvalidSSLCertificate == YES &&
|
||||
[protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
|
||||
return YES;
|
||||
}
|
||||
#endif
|
||||
|
||||
if (self.authenticationAgainstProtectionSpace) {
|
||||
return self.authenticationAgainstProtectionSpace(connection, protectionSpace);
|
||||
|
|
@ -651,13 +655,14 @@ canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace
|
|||
- (void)connection:(NSURLConnection *)connection
|
||||
didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
|
||||
{
|
||||
#ifdef _AFNETWORKING_ALLOW_INVALID_SSL_CERTIFICATES_
|
||||
if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
|
||||
|
||||
if(self.allowInvalidSSLCertificate == YES
|
||||
&& [challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
|
||||
[challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge];
|
||||
return;
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
|
||||
if (self.authenticationChallenge) {
|
||||
self.authenticationChallenge(connection, challenge);
|
||||
} else {
|
||||
|
|
@ -805,7 +810,8 @@ didReceiveResponse:(NSURLResponse *)response
|
|||
self.error = [aDecoder decodeObjectForKey:@"error"];
|
||||
self.responseData = [aDecoder decodeObjectForKey:@"responseData"];
|
||||
self.totalBytesRead = [[aDecoder decodeObjectForKey:@"totalBytesRead"] longLongValue];
|
||||
|
||||
self.allowInvalidSSLCertificate = [[aDecoder decodeObjectForKey:@"allowInvalidSSLCertificate"] boolValue];
|
||||
|
||||
return self;
|
||||
}
|
||||
|
||||
|
|
@ -829,6 +835,7 @@ didReceiveResponse:(NSURLResponse *)response
|
|||
[aCoder encodeObject:self.error forKey:@"error"];
|
||||
[aCoder encodeObject:self.responseData forKey:@"responseData"];
|
||||
[aCoder encodeObject:[NSNumber numberWithLongLong:self.totalBytesRead] forKey:@"totalBytesRead"];
|
||||
[aCoder encodeObject:[NSNumber numberWithBool:self.allowInvalidSSLCertificate] forKey:@"allowInvalidSSLCertificate"];
|
||||
}
|
||||
|
||||
#pragma mark - NSCopying
|
||||
|
|
@ -842,6 +849,7 @@ didReceiveResponse:(NSURLResponse *)response
|
|||
operation.authenticationChallenge = self.authenticationChallenge;
|
||||
operation.cacheResponse = self.cacheResponse;
|
||||
operation.redirectResponse = self.redirectResponse;
|
||||
operation.allowInvalidSSLCertificate = self.allowInvalidSSLCertificate;
|
||||
|
||||
return operation;
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue