Wszystko wygl\u0105da dobrze na pierwszy rzut oka. W wi\u0119kszo\u015b\u009bci przypadk\u00f3w\u00a0nawet b\u0119dzie\u0082 dzia\u0142a\u0142o. Je\u017celi jednak trafisz na problem ze swoim serwerem i sprawdzisz jak to wygl\u0105da w Wiresharku:<\/p>\n
Widzimy, \u017ce co\u015b\u009b nie jest do ko\u0144ca w porz\u0105dku. Klient wys\u0142a\u0142\u0082 ten sam certyfikat dwa razy. Og\u00f3lnie nie powinno by\u0107 to problemem, ale je\u017celi\u00a0Tw\u00f3j serwer przetwarza certyfikaty i spodziewa si\u0119\u0099, \u017ce\u0099 b\u0119d\u0105\u0085 uporz\u0105dkowane w \u0142a\u0144cuch: certyfikat klienta, wydawca certyfikatu klienta itd. – wtedy mog\u0105\u0085 by\u0107 problemy.<\/p>\n Problem tego typu mo\u017cna\u0085 rozwi\u0105za\u0107 po stronie klienta lub po stronie serwera. Jednak najpoprawniejsze wydaje mi si\u0119\u0099 naprawienie go po stronie klienta. Zgodnie z\u00a0RFC2246<\/a> i RFC5246<\/a>\u00a0certyfikat klienta powinien wyst\u0105pi\u0107\u0087 tylko raz:<\/p>\n certificate_list Na szcz\u00c4\u0099\u0139\u009bcie poprawienie tego problemu jest trywialne. Zamieniamy t\u00c4\u0099 linijk\u00c4\u0099:<\/p>\n NSURLCredential *credential = [NSURLCredential credentialWithIdentity:identityApp certificates:(__bridge NSArray *)myCerts<\/strong> persistence:NSURLCredentialPersistencePermanent];<\/p>\n na:<\/p>\n NSURLCredential *credential = [NSURLCredential credentialWithIdentity:identityApp certificates:nil<\/strong> persistence:NSURLCredentialPersistencePermanent];<\/p>\n Testujemy, wszystko wygl\u0105da poprawnie. Problem rozwi\u0105\u0085zany bez kosztownych zmian w kodzie serwera.<\/p>\n","protected":false},"excerpt":{"rendered":" Kolejny o certyfikatach. Powiedzmy, \u017ce piszesz aplikacj\u0119\u0099 na iOS, kt\u00f3ra ma uwierzytelnia\u0107\u0087 si\u0119 za pomoc\u0105 certyfikatu. Implementujesz co\u015b\u009b takiego: – (void)connection:(NSURLConnection *)connection willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge { if ([challenge previousFailureCount] > 0) { NSLog(@"Incorrect auth challenge %@", challenge); [[challenge sender] cancelAuthenticationChallenge:challenge]; return; } \/\/ Checking the server certificate if ([[challenge protectionSpace] authenticationMethod] == NSURLAuthenticationMethodClientCertificate && self.account.clientCertificate.privateRepresentation.length > … Czytaj dalej \u201eBli\u017aniacze certyfikaty z iOS\u201d<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[11],"tags":[],"class_list":["post-226","post","type-post","status-publish","format-standard","hentry","category-mdm"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p217OK-3E","jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/oso.com.pl\/index.php?rest_route=\/wp\/v2\/posts\/226","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/oso.com.pl\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/oso.com.pl\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/oso.com.pl\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/oso.com.pl\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=226"}],"version-history":[{"count":3,"href":"https:\/\/oso.com.pl\/index.php?rest_route=\/wp\/v2\/posts\/226\/revisions"}],"predecessor-version":[{"id":294,"href":"https:\/\/oso.com.pl\/index.php?rest_route=\/wp\/v2\/posts\/226\/revisions\/294"}],"wp:attachment":[{"href":"https:\/\/oso.com.pl\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=226"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/oso.com.pl\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=226"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/oso.com.pl\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=226"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}![\"iOS](\"http:\/\/oso.com.pl\/wp-content\/uploads\/2013\/05\/ios_certs.png\")
<\/a><\/p>\n
\nThis is a sequence (chain) of X.509v3 certificates. The sender’s
\ncertificate must come first in the list. Each following
\ncertificate must directly certify the one preceding it. Because
\ncertificate validation requires that root keys be distributed
\nindependently, the self-signed certificate which specifies the
\nroot certificate authority may optionally be omitted from the
\nchain, under the assumption that the remote end must already
\npossess it in order to validate it in any case.
\nThe same message type and structure will be used for the client’s
\nresponse to a certificate request message. Note that a client may
\nsend no certificates if it does not have an appropriate certificate
\nto send in response to the server’s authentication request.<\/em><\/p>\n