evie/AFNetworking
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'invalid-ssl' of git://github.com/kcharwood/AFNetworking into kcharwood-invalid-ssl

Browse source
This commit is contained in:
Mattt Thompson 2013-04-17 18:04:50 +02:00
commit 8ea42866b8
4 changed files with 48 additions and 24 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
AFNetworking/AFHTTPClient.h
View file

@ -145,6 +145,11 @@ typedef enum {
@property (nonatomic, assign) AFURLConnectionOperationSSLPinningMode defaultSSLPinningMode; @property (nonatomic, assign) AFURLConnectionOperationSSLPinningMode defaultSSLPinningMode;
#endif #endif
/**
The flag to determine if each `AFHTTPRequestOperation` that is created in `HTTPRequestOperationWithRequest` should accept an invalid SSL certificate. If `_AFNETWORKING_ALLOW_INVALID_SSL_CERTIFICATES_` is set, this property defaults to YES for backwards compatibility support. Otherwise, this property defaults to NO.
*/
@property (nonatomic,assign) BOOL allowInvalidSSLCertificate;
///--------------------------------------------- ///---------------------------------------------
/// @name Creating and Initializing HTTP Clients /// @name Creating and Initializing HTTP Clients
///--------------------------------------------- ///---------------------------------------------

6
AFNetworking/AFHTTPClient.m
View file

@ -263,6 +263,11 @@ NSArray * AFQueryStringPairsFromKeyAndValue(NSString *key, id value) {
self.operationQueue = [[NSOperationQueue alloc] init]; self.operationQueue = [[NSOperationQueue alloc] init];
[self.operationQueue setMaxConcurrentOperationCount:NSOperationQueueDefaultMaxConcurrentOperationCount]; [self.operationQueue setMaxConcurrentOperationCount:NSOperationQueueDefaultMaxConcurrentOperationCount];
//This ifdef has been added for backwards compatibility purposes
#ifdef _AFNETWORKING_ALLOW_INVALID_SSL_CERTIFICATES_
self.allowInvalidSSLCertificate = YES;
#endif
return self; return self;
} }
@ -536,6 +541,7 @@ static void AFNetworkReachabilityReleaseCallback(const void *info) {
#ifdef _AFNETWORKING_PIN_SSL_CERTIFICATES_ #ifdef _AFNETWORKING_PIN_SSL_CERTIFICATES_
operation.SSLPinningMode = self.defaultSSLPinningMode; operation.SSLPinningMode = self.defaultSSLPinningMode;
#endif #endif
operation.allowInvalidSSLCertificate = self.allowInvalidSSLCertificate;
return operation; return operation;
} }

9
AFNetworking/AFURLConnectionOperation.h
View file

@ -127,6 +127,11 @@ NSCoding, NSCopying>
*/ */
@property (readonly, nonatomic, strong) NSError *error; @property (readonly, nonatomic, strong) NSError *error;
/**
The flag to determine if the connection should accept an invalid SSL certificate. If `_AFNETWORKING_ALLOW_INVALID_SSL_CERTIFICATES_` is set, this property defaults to YES for backwards compatibility support. Otherwise, this property defaults to NO.
*/
@property (nonatomic,assign) BOOL allowInvalidSSLCertificate;
///---------------------------- ///----------------------------
/// @name Getting Response Data /// @name Getting Response Data
///---------------------------- ///----------------------------
@ -280,7 +285,7 @@ NSCoding, NSCopying>
@param block A block object to be executed to determine whether the connection should be able to respond to a protection space's form of authentication. The block has a `BOOL` return type and takes two arguments: the URL connection object, and the protection space to authenticate against. @param block A block object to be executed to determine whether the connection should be able to respond to a protection space's form of authentication. The block has a `BOOL` return type and takes two arguments: the URL connection object, and the protection space to authenticate against.
If `_AFNETWORKING_ALLOW_INVALID_SSL_CERTIFICATES_` is defined, `connection:canAuthenticateAgainstProtectionSpace:` will accept invalid SSL certificates, returning `YES` if the protection space authentication method is `NSURLAuthenticationMethodServerTrust`. If `allowInvalidSSLCertificate` is set to YES, `connection:canAuthenticateAgainstProtectionSpace:` will accept invalid SSL certificates, returning `YES` if the protection space authentication method is `NSURLAuthenticationMethodServerTrust`.
*/ */
- (void)setAuthenticationAgainstProtectionSpaceBlock:(BOOL (^)(NSURLConnection *connection, NSURLProtectionSpace *protectionSpace))block; - (void)setAuthenticationAgainstProtectionSpaceBlock:(BOOL (^)(NSURLConnection *connection, NSURLProtectionSpace *protectionSpace))block;
@ -289,7 +294,7 @@ NSCoding, NSCopying>
@param block A block object to be executed when the connection must authenticate a challenge in order to download its request. The block has no return type and takes two arguments: the URL connection object, and the challenge that must be authenticated. @param block A block object to be executed when the connection must authenticate a challenge in order to download its request. The block has no return type and takes two arguments: the URL connection object, and the challenge that must be authenticated.
If `_AFNETWORKING_ALLOW_INVALID_SSL_CERTIFICATES_` is defined, `connection:didReceiveAuthenticationChallenge:` will attempt to have the challenge sender use credentials with invalid SSL certificates. If `allowInvalidSSLCertificate` is set to YES, `connection:didReceiveAuthenticationChallenge:` will attempt to have the challenge sender use credentials with invalid SSL certificates.
*/ */
- (void)setAuthenticationChallengeBlock:(void (^)(NSURLConnection *connection, NSURLAuthenticationChallenge *challenge))block; - (void)setAuthenticationChallengeBlock:(void (^)(NSURLConnection *connection, NSURLAuthenticationChallenge *challenge))block;

52
AFNetworking/AFURLConnectionOperation.m
View file

@ -258,6 +258,11 @@ static inline BOOL AFStateTransitionIsValid(AFOperationState fromState, AFOperat
self.state = AFOperationReadyState; self.state = AFOperationReadyState;
//This ifdef has been added for backwards compatibility purposes
#ifdef _AFNETWORKING_ALLOW_INVALID_SSL_CERTIFICATES_
self.allowInvalidSSLCertificate = YES;
#endif
return self; return self;
} }
@ -606,25 +611,25 @@ willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challe
break; break;
} }
case AFSSLPinningModeNone: { case AFSSLPinningModeNone: {
#ifdef _AFNETWORKING_ALLOW_INVALID_SSL_CERTIFICATES_ if(self.allowInvalidSSLCertificate == YES){
NSURLCredential *credential = [NSURLCredential credentialForTrust:serverTrust];
[[challenge sender] useCredential:credential forAuthenticationChallenge:challenge];
#else
SecTrustResultType result = 0;
OSStatus status = SecTrustEvaluate(serverTrust, &result);
NSAssert(status == errSecSuccess, @"SecTrustEvaluate error: %ld", (long int)status);
if (result == kSecTrustResultUnspecified || result == kSecTrustResultProceed) {
NSURLCredential *credential = [NSURLCredential credentialForTrust:serverTrust]; NSURLCredential *credential = [NSURLCredential credentialForTrust:serverTrust];
[[challenge sender] useCredential:credential forAuthenticationChallenge:challenge]; [[challenge sender] useCredential:credential forAuthenticationChallenge:challenge];
} else {
[[challenge sender] cancelAuthenticationChallenge:challenge];
} }
#endif else {
SecTrustResultType result = 0;
OSStatus status = SecTrustEvaluate(serverTrust, &result);
NSAssert(status == errSecSuccess, @"SecTrustEvaluate error: %ld", (long int)status);
if (result == kSecTrustResultUnspecified || result == kSecTrustResultProceed) {
NSURLCredential *credential = [NSURLCredential credentialForTrust:serverTrust];
[[challenge sender] useCredential:credential forAuthenticationChallenge:challenge];
} else {
[[challenge sender] cancelAuthenticationChallenge:challenge];
}
}
break; break;
} }
} }
} }
} }
#endif #endif
@ -633,11 +638,10 @@ willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challe
- (BOOL)connection:(NSURLConnection *)connection - (BOOL)connection:(NSURLConnection *)connection
canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace
{ {
#ifdef _AFNETWORKING_ALLOW_INVALID_SSL_CERTIFICATES_ if(self.allowInvalidSSLCertificate == YES &&
if ([protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) { [protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
return YES; return YES;
} }
#endif
if (self.authenticationAgainstProtectionSpace) { if (self.authenticationAgainstProtectionSpace) {
return self.authenticationAgainstProtectionSpace(connection, protectionSpace); return self.authenticationAgainstProtectionSpace(connection, protectionSpace);
@ -651,13 +655,14 @@ canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace
- (void)connection:(NSURLConnection *)connection - (void)connection:(NSURLConnection *)connection
didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
{ {
#ifdef _AFNETWORKING_ALLOW_INVALID_SSL_CERTIFICATES_
if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) { if(self.allowInvalidSSLCertificate == YES
&& [challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
[challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge]; [challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge];
return; return;
} }
#endif
if (self.authenticationChallenge) { if (self.authenticationChallenge) {
self.authenticationChallenge(connection, challenge); self.authenticationChallenge(connection, challenge);
} else { } else {
@ -805,7 +810,8 @@ didReceiveResponse:(NSURLResponse *)response
self.error = [aDecoder decodeObjectForKey:@"error"]; self.error = [aDecoder decodeObjectForKey:@"error"];
self.responseData = [aDecoder decodeObjectForKey:@"responseData"]; self.responseData = [aDecoder decodeObjectForKey:@"responseData"];
self.totalBytesRead = [[aDecoder decodeObjectForKey:@"totalBytesRead"] longLongValue]; self.totalBytesRead = [[aDecoder decodeObjectForKey:@"totalBytesRead"] longLongValue];
self.allowInvalidSSLCertificate = [[aDecoder decodeObjectForKey:@"allowInvalidSSLCertificate"] boolValue];
return self; return self;
} }
@ -829,6 +835,7 @@ didReceiveResponse:(NSURLResponse *)response
[aCoder encodeObject:self.error forKey:@"error"]; [aCoder encodeObject:self.error forKey:@"error"];
[aCoder encodeObject:self.responseData forKey:@"responseData"]; [aCoder encodeObject:self.responseData forKey:@"responseData"];
[aCoder encodeObject:[NSNumber numberWithLongLong:self.totalBytesRead] forKey:@"totalBytesRead"]; [aCoder encodeObject:[NSNumber numberWithLongLong:self.totalBytesRead] forKey:@"totalBytesRead"];
[aCoder encodeObject:[NSNumber numberWithBool:self.allowInvalidSSLCertificate] forKey:@"allowInvalidSSLCertificate"];
} }
#pragma mark - NSCopying #pragma mark - NSCopying
@ -842,6 +849,7 @@ didReceiveResponse:(NSURLResponse *)response
operation.authenticationChallenge = self.authenticationChallenge; operation.authenticationChallenge = self.authenticationChallenge;
operation.cacheResponse = self.cacheResponse; operation.cacheResponse = self.cacheResponse;
operation.redirectResponse = self.redirectResponse; operation.redirectResponse = self.redirectResponse;
operation.allowInvalidSSLCertificate = self.allowInvalidSSLCertificate;
return operation; return operation;
} }