Open cherish1 opened 7 years ago
Of course, but need to modify the source code Here are the changes I made to ASIHTTPRequest.m – (void)startRequest method: // // Handle SSL certificate settings // // kCFStreamSocketSecurityLevelTLSv1_0SSLv3 configures max TLS 1.0, min SSLv3 // kCFStreamSocketSecurityLevelTLSv1_0 configures to use only TLS 1.0. // kCFStreamSocketSecurityLevelTLSv1_1 configures to use only TLS 1.1. // kCFStreamSocketSecurityLevelTLSv1_2 configures to use only TLS 1.2. if([[[[self url] scheme] lowercaseString] isEqualToString:@"https"]) {
// Tell CFNetwork not to validate SSL certificates
if (![self validatesSecureCertificate]) {
// see: http://iphonedevelopment.blogspot.com/2010/05/nsstream-tcp-and-ssl.html
NSDictionary *sslProperties = [[NSDictionary alloc] initWithObjectsAndKeys:
[NSNumber numberWithBool:YES], kCFStreamSSLAllowsExpiredCertificates,
[NSNumber numberWithBool:YES], kCFStreamSSLAllowsAnyRoot,
[NSNumber numberWithBool:NO], kCFStreamSSLValidatesCertificateChain,
kCFNull,kCFStreamSSLPeerName,
@"kCFStreamSocketSecurityLevelTLSv1_2", kCFStreamSSLLevel,
nil];
CFReadStreamSetProperty((CFReadStreamRef)[self readStream],
kCFStreamPropertySSLSettings,
(CFTypeRef)sslProperties);
[sslProperties release];
}
// Tell CFNetwork to use a client certificate
if (clientCertificateIdentity) {
NSMutableDictionary *sslProperties = [NSMutableDictionary dictionaryWithCapacity:1];
NSMutableArray *certificates = [NSMutableArray arrayWithCapacity:[clientCertificates count]+1];
// The first object in the array is our SecIdentityRef
[certificates addObject:(id)clientCertificateIdentity];
// If we've added any additional certificates, add them too
for (id cert in clientCertificates) {
[certificates addObject:cert];
}
[sslProperties setObject:certificates forKey:(NSString *)kCFStreamSSLCertificates];
[sslProperties setObject:@"kCFStreamSocketSecurityLevelTLSv1_2" forKey:(NSString *)kCFStreamSSLLevel];
CFReadStreamSetProperty((CFReadStreamRef)[self readStream], kCFStreamPropertySSLSettings, sslProperties);
}
}
ASI support https ?