For HTTPS I looked up a lot of information on the Internet, and the protocols and certificates left me a little dizzy.
In the end, my understanding is that a certificate is placed on the HTTP server, and before the usual HTTP access it is sent to the client, which checks whether the certificate is correct.
If the client's check of the certificate passes, the server is the one I want to connect to.
If not, the server is a fake.
You can also put a certificate on the client, so that the server checks the certificate coming from the client.
If the server's check of the certificate passes, the client is my little brother, and I allow him to connect.
If not, the client is "undercover" and can't be let in.
All right, enough chatter; here is the process I used to build it.
Where does the certificate come from?
You can find one on the Internet, some for a fee and some as a free trial, or you can make your own.
Looking at those, I didn't want the hassle, so I made my own.
This uses pyOpenSSL; the method is as follows.
1. Install pyOpenSSL
sudo easy_install pyopenssl
Once it is installed you can start making your own certificate.
2. Generate a private key
1024
3. Generate the .csr
openssl req -new -key server.key -out server.csr
4. Generate the .key
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key
5. Generate the .crt
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
OK, the current directory now contains server.key and server.crt, and these two can be used directly by the server.
For the server I used Python + Flask. Here is some example code:

from flask import Flask, jsonify

app = Flask(__name__)

# Single test endpoint that returns a small JSON body
@app.route('/test', methods=['GET'])
def method():
    return jsonify({'Result': 'OK'})

# ssl_context takes (certificate file, private key file)
app.run(port=8100, ssl_context=('/users/jackey/downloads/backhomeserver/server.crt', '/users/jackey/downloads/backhomeserver/server.key'))

All right, with that a simple HTTPS server is pretty much done.
When testing in a browser, you have to manually trust this certificate before it will connect properly.
The next step is to configure the client.
Before you do this, convert the CRT certificate to CER format, again with OpenSSL, as follows:
openssl x509 -in server.crt -out server.cer -outform der
The current directory now has one more file, server.cer.
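The certificate steps above as a non-interactive script with a consistency check, added here as an example and not part of the original post. It assumes a 2048-bit key without a passphrase, a subject of CN=localhost and a scratch directory; the function names are made up for illustration. The SHA-256 of the public key is a quick way to confirm that server.key, server.crt and server.cer all carry the same key, which is what public-key pinning on the client depends on.

```bash
#!/usr/bin/env bash
# Added example: generate key, CSR, self-signed cert and DER copy, then verify them.
# Assumptions (not from the post): 2048-bit RSA, CN=localhost, no passphrase.
# Usage: d=$(mktemp -d); make_cert "$d"; check_bundle "$d" && spki_pin "$d/server.crt" pem
set -eu

make_cert() {   # $1 = output directory
    dir=$1
    openssl genrsa -out "$dir/server.key" 2048 2>/dev/null
    chmod 600 "$dir/server.key"          # the private key stays readable by its owner only
    openssl req -new -key "$dir/server.key" -subj "/CN=localhost" \
        -out "$dir/server.csr"
    openssl x509 -req -days 365 -in "$dir/server.csr" \
        -signkey "$dir/server.key" -out "$dir/server.crt" 2>/dev/null
    # DER-encoded copy for the iOS bundle
    openssl x509 -in "$dir/server.crt" -out "$dir/server.cer" -outform der
}

# Base64 SHA-256 of the certificate's public key (SubjectPublicKeyInfo, DER).
spki_pin() {    # $1 = certificate file, $2 = pem | der
    openssl x509 -in "$1" -inform "$2" -noout -pubkey |
        openssl pkey -pubin -outform der |
        openssl dgst -sha256 -binary | openssl base64
}

# Same digest, computed from the private key's public half.
key_pin() {     # $1 = private key file
    openssl pkey -in "$1" -pubout -outform der |
        openssl dgst -sha256 -binary | openssl base64
}

# Succeeds only if the key, the PEM cert and the DER cert share one public key.
check_bundle() {   # $1 = directory written by make_cert
    crt_pin=$(spki_pin "$1/server.crt" pem)
    [ "$crt_pin" = "$(key_pin "$1/server.key")" ] || return 1
    [ "$crt_pin" = "$(spki_pin "$1/server.cer" der)" ] || return 1
}
```

If check_bundle fails, the server.cer bundled in the app does not match the key the server is using, and a pinned client will refuse the connection.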
Drag server.cer into the project; remember to tick "Copy items if needed" and all of the targets, otherwise you will get an error.
Then just connect with AFNetworking; compared with an ordinary HTTP connection, the only extra work is setting up the certificate part.
Here is an example:

manager = [AFHTTPSessionManager manager];

// Pin the public key of the server.cer bundled with the app
AFSecurityPolicy *securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModePublicKey];
// The certificate is self-signed, so it does not chain to a trusted CA
securityPolicy.allowInvalidCertificates = YES;
manager.securityPolicy = securityPolicy;

[manager GET:@"https://localhost:8100/test" parameters:nil progress:nil success:^(NSURLSessionDataTask * _Nonnull task, id _Nullable responseObject) {
    NSLog(@"Pass");
} failure:^(NSURLSessionDataTask * _Nullable task, NSError * _Nonnull error) {
    NSLog(@"fail");
}];

That completes a simple HTTPS chain, but if the security requirements are higher,
the certificate and the authentication method need to be adjusted.
AFNetworking + Python + Flask + pyOpenSSL: building an iOS HTTPS client and server side