TLS: Transport Layer Security
TLS exists in several versions, and iOS requires TLS 1.2.
To be safe, first check which version the server provides.
nscurl --ats-diagnostics --verbose https://app.xxx.com
For example, this is not supported.
Next comes the AFNetworking configuration. Simply set the securityPolicy of the AFHTTPSessionManager.
// NetSecurityPolicy.h
#import <Foundation/Foundation.h>

@class AFSecurityPolicy;

@interface NetSecurityPolicy : NSObject
+ (AFSecurityPolicy *)securityPolicy;
@end

//
//  NetSecurityPolicy.m
//
//  Created by kaycm on 2016/11/29.
//  Copyright 2016 M1989. All rights reserved.
//

#import "NetSecurityPolicy.h"
#import "AFNetworking.h"

@implementation NetSecurityPolicy

+ (AFSecurityPolicy *)securityPolicy {
    // Import the certificate first
    NSString *cerPath = [[NSBundle mainBundle] pathForResource:@"server" ofType:@"cer"]; // path to the certificate
    NSData *certData = [NSData dataWithContentsOfFile:cerPath];
    if (certData) {
        // AFSSLPinningModeCertificate: use certificate validation mode
        AFSecurityPolicy *securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeCertificate];

        // allowInvalidCertificates: whether to allow invalid certificates (that is, self-built certificates); defaults to NO.
        // If you need to validate your self-built certificate, set it to YES.
        securityPolicy.allowInvalidCertificates = NO;

        // validatesDomainName: whether to verify the domain name; defaults to YES.
        // If the domain name of the certificate does not match the domain name you request, this has to be set to NO.
        // With NO, however, a server can also establish a connection using a certificate issued by another trusted
        // authority, which is very dangerous, so keeping it enabled is recommended.
        // NO is mainly used in this case: the client requests a subdomain and the certificate is for a different
        // domain name. Domain names on an SSL certificate are independent: if the certificate is registered for
        // www.google.com, then mail.google.com cannot be verified. Of course, those with the budget can register
        // the wildcard name *.google.com, but that is still relatively expensive.
        // If set to NO, it is recommended that you add your own check logic for the corresponding domain name.
        securityPolicy.validatesDomainName = YES;

        securityPolicy.pinnedCertificates = [NSSet setWithObject:certData]; // @[certData];
        return securityPolicy;
    } else {
        NSLog(@"Certificate Error");
        return nil;
    }
}

@end
Usage
AFHTTPSessionManager *session = [AFHTTPSessionManager manager];
[session setSecurityPolicy:[NetSecurityPolicy securityPolicy]];
Also: converting PEM to CER
openssl x509 -in xxx.pem -outform der -out server.cer
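The conversion above only helps if the bundled server.cer really is the certificate the server presents and is not about to expire, since a pinned certificate that no longer matches makes every request fail. The helpers below are an added example, not code from the original post; the function names and the throwaway self-signed certificate are assumptions made for illustration.

```bash
#!/bin/sh
# Added example: helper names and sample file names are hypothetical.

# SHA-256 fingerprint of a certificate; $1 = file, $2 = pem | der
cert_fp() {
    openssl x509 -in "$1" -inform "$2" -noout -fingerprint -sha256 | cut -d= -f2
}

# Convert PEM ($1) to the DER-encoded .cer ($2) that gets bundled with the app,
# then confirm that both files hold the same certificate.
pem_to_cer() {
    openssl x509 -in "$1" -outform der -out "$2" || return 1
    [ "$(cert_fp "$1" pem)" = "$(cert_fp "$2" der)" ]
}

# Succeeds only if the bundled .cer ($1) is the certificate in the PEM file ($2),
# for instance the certificate the server currently presents.
pin_matches() {
    a=$(cert_fp "$1" der)
    b=$(cert_fp "$2" pem)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Succeeds if the pinned .cer ($1) is still valid $2 days from now.
pin_valid_for_days() {
    openssl x509 -in "$1" -inform der -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Constructed sample input: a throwaway self-signed certificate.
# $1 = output PEM, $2 = common name, $3 = lifetime in days
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" \
        -out "$1" -days "$3" -subj "/CN=$2" 2>/dev/null && rm -f "$1.key"
}
```

Running pin_matches and pin_valid_for_days as a release check catches a rotated or expiring server certificate before the app ships with a stale pin.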
iOS ATS AFNetworking one-way authentication