一、介绍
在项目开发中,服务端和客户端的协作尤为重要,而连接它们的最重要的环节之一就是网络请求,对于服务端而言,如果这个环节出现了错误,那么安全性就无从谈起,同时对于客户端而言,如果这个模块出现了错误,那么后续的开发就无法继续进行下去。诚然,当网络请求真的出现了问题,快速定位问题的源头就显得迫在眉睫了。本博文提供三种定位问题源头的方法,判断是服务端的原因,还是客户端的原因,避免大家找问题浪费大量的无用功。
二、ATS
一个配置网络请求方式的配置字段,NSAppTranportSecurity下的 Allow Arbitrary Loads,设置为NO,默认所有的网络请求都必须走HTTPS(SSL/TLS)协议;如果设置为YES,即是全局设置,既可以走HTTP协议,也可以走HTPPS(SSL/TLS)协议。
三、问题定位方式(查看网络请求的详细log日志)
第一种方式:配置CFNETWORK_DIAGNOSTICS=1
步骤:打开xcode的项目,找到edit scheme中的run,然后选择Arguments,给Envaironment Variables添加CFNETWORK_DIAGNOSTICS=1,最后运行程序发送网络请求即可。此时在consolelog控制器会给出网络请求详细的log日志文件路径,根据路径找到就OK了。配置如图:
点击按钮测试发送请求,我以我公司的官方来测试(本公司服务端已做了https配置)
// ViewController.m // RequestDemo // Created by 夏远全 on 16/12/25. // Copyright © 2016年 广州市东德网络科技有限公司. All rights reserved. #import "ViewController.h" @interface ViewController () @end @implementation ViewController - (void)viewDidLoad { [super viewDidLoad]; self.view.backgroundColor = [UIColor whiteColor]; //发送请求 UIButton *requestBtn = [[UIButton alloc] initWithFrame:CGRectMake(140, 200, 200, 80)]; requestBtn.backgroundColor = [UIColor redColor]; [requestBtn setTitle:@"requestSend" forState:UIControlStateNormal]; [requestBtn setTitleColor:[UIColor greenColor] forState:UIControlStateNormal]; [requestBtn addTarget:self action:@selector(requestSend) forControlEvents:UIControlEventTouchUpInside]; [self.view addSubview:requestBtn]; } //发送请求 -(void)requestSend{ NSURL *URL = [NSURL URLWithString:@"https://www.biaojiepay.com"]; NSURLRequest *request = [NSURLRequest requestWithURL:URL]; [NSURLConnection sendAsynchronousRequest:request queue:[NSOperationQueue currentQueue] completionHandler:^(NSURLResponse * _Nullable response, NSData * _Nullable data, NSError * _Nullable connectionError) { NSLog(@"complete"); }]; } @end
打印的显示log日志文件路径如下:
2016-12-26 00:29:26.910 RequestDemo[966:51790] CFNetwork diagnostics log file created at: /Users/FanLei/Library/Developer/CoreSimulator/Devices/C4192179-66A1-40C6-B09B-095C1248F68E/data/Containers/Data/Application/FE58F06E-B7BC-428E-82AE-0ED0A567ACD1/Library/Logs/CrashReporter/CFNetwork_com.biaojiepay.RequestDemo_966.nwlrb.log 2016-12-26 00:29:27.049 RequestDemo[966:50107] complete
此时按照提供的路径去访问该文件查看,里面记录了网络请求的详细日志信息
Dec 26 00:29:26 RequestDemo[966] <Notice>: CFNetwork Diagnostics [1:1] 00:29:26.910 { LoaderWhatToDo Request: <CFURL 0x7ff8ea816690 [0x10420ba40]>{string = https://www.biaojiepay.com/, encoding = 134217984, base = (null)} CachePolicy: 0 WhatToDo: originload CreateToNow: 0.02034s } [1:1] Dec 26 00:29:26 RequestDemo[966] <Notice>: CFNetwork Diagnostics [1:2] 00:29:26.912 { AddCookies Continue: request GET https://www.biaojiepay.com/ HTTP/1.1 HTTPProtocol: Task: e8ca1fd0 } [1:2] Dec 26 00:29:26 RequestDemo[966] <Notice>: CFNetwork Diagnostics [1:3] 00:29:26.912 { DiskCookieStorage Construction: Binary{ Disk Cookies: { /Users/FanLei/Library/Developer/CoreSimulator/Devices/C4192179-66A1-40C6-B09B-095C1248F68E/data/Containers/Data/Application/FE58F06E-B7BC-428E-82AE-0ED0A567ACD1/Library/Cookies/com.biaojiepay.RequestDemo.binarycookies, <0 cookies in 0 domains> clean not writing } } Accessing: <CFURL 0x7ff8e8ead9f0 [0x10420ba40]>{string = file:///Users/FanLei/Library/Developer/CoreSimulator/Devices/C4192179-66A1-40C6-B09B-095C1248F68E/data/Containers/Data/Application/FE58F06E-B7BC-428E-82AE-0ED0A567ACD1/Library/Cookies/com.biaojiepay.RequestDemo.binarycookies, encoding = 134217984, base = (null)} Path: /Users/FanLei/Library/Developer/CoreSimulator/Devices/C4192179-66A1-40C6-B09B-095C1248F68E/data/Containers/Data/Application/FE58F06E-B7BC-428E-82AE-0ED0A567ACD1/Library/Cookies/com.biaojiepay.RequestDemo.binarycookies Read from disk: <0 cookies in 0 domains> Dirty: NO Writing: NO Policy: 2 } [1:3] Dec 26 00:29:26 RequestDemo[966] <Notice>: CFNetwork Diagnostics [1:4] 00:29:26.913 { DiskCookieStorage Journaling On: Binary{ Disk Cookies: { /Users/FanLei/Library/Developer/CoreSimulator/Devices/C4192179-66A1-40C6-B09B-095C1248F68E/data/Containers/Data/Application/FE58F06E-B7BC-428E-82AE-0ED0A567ACD1/Library/Cookies/com.biaojiepay.RequestDemo.binarycookies, <0 cookies in 0 domains> clean not writing } } File: <CFURL 0x7ff8e8caa490 [0x10420ba40]>{string = file:///Users/FanLei/Library/Developer/CoreSimulator/Devices/C4192179-66A1-40C6-B09B-095C1248F68E/data/Containers/Data/Application/FE58F06E-B7BC-428E-82AE-0ED0A567ACD1/Library/Cookies/com.biaojiepay.RequestDemo.binarycookies, encoding = 134217984, base = (null)} } [1:4] Dec 26 00:29:26 RequestDemo[966] <Notice>: CFNetwork Diagnostics [1:5] 00:29:26.913 { Protocol Enqueue: request GET https://www.biaojiepay.com/ HTTP/1.1 Request: <CFURLRequest 0x7ff8ea816700 [0x10420ba40]> {url = https://www.biaojiepay.com/, cs = 0x0} Message: GET https://www.biaojiepay.com/ HTTP/1.1 } [1:5] Dec 26 00:29:27 RequestDemo[966] <Notice>: CFNetwork Diagnostics [1:6] 00:29:27.001 { Peer certificate Subject Sum: www.biaojiepay.com Summary: Symantec Basic DV SSL CA - G1 } [1:6] Dec 26 00:29:27 RequestDemo[966] <Notice>: CFNetwork Diagnostics [1:7] 00:29:27.008 { Authentication Challenge Loader: <CFURLRequest 0x7ff8e8c9ba60 [0x10420ba40]> {url = https://www.biaojiepay.com, cs = 0x0} Challenge: challenge space https://www.biaojiepay.com:443/, ServerTrustEvaluationRequested (Hash c4e968442f77296) } [1:7] Dec 26 00:29:27 RequestDemo[966] <Notice>: CFNetwork Diagnostics [1:8] 00:29:27.008 { Use Credential Loader: <CFURLRequest 0x7ff8e8c9ba60 [0x10420ba40]> {url = https://www.biaojiepay.com, cs = 0x0} Credential: null } [1:8] Dec 26 00:29:27 RequestDemo[966] <Notice>: CFNetwork Diagnostics [1:9] 00:29:27.009 { touchConnection Loader: <CFURLRequest 0x7ff8e8c9ba60 [0x10420ba40]> {url = https://www.biaojiepay.com, cs = 0x0} Timeout Interval: 60.000 seconds } [1:9] Dec 26 00:29:27 RequestDemo[966] <Notice>: CFNetwork Diagnostics [1:10] 00:29:27.046 { Protocol Received: request GET https://www.biaojiepay.com/ HTTP/1.1 Response: HTTP/1.1 200 OK } [1:10] Dec 26 00:29:27 RequestDemo[966] <Notice>: CFNetwork Diagnostics [1:11] 00:29:27.046 { touchConnection Loader: <CFURLRequest 0x7ff8e8c9ba60 [0x10420ba40]> {url = https://www.biaojiepay.com, cs = 0x0} Timeout Interval: 60.000 seconds } [1:11] Dec 26 00:29:27 RequestDemo[966] <Notice>: CFNetwork Diagnostics [1:12] 00:29:27.046 { destroyReadStream: request GET https://www.biaojiepay.com/ HTTP/1.1 Request: <CFURLRequest 0x7ff8ea816700 [0x10420ba40]> {url = https://www.biaojiepay.com/, cs = 0x0} sent: <CFNumber 0xb000000000000c53 [0x10420ba40]>{value = +197, type = kCFNumberSInt64Type} received: <CFNumber 0xb00000000000d213 [0x10420ba40]>{value = +3361, type = kCFNumberSInt64Type} cell sent: <CFNumber 0xb000000000000003 [0x10420ba40]>{value = +0, type = kCFNumberSInt64Type} cell received: <CFNumber 0xb000000000000003 [0x10420ba40]>{value = +0, type = kCFNumberSInt64Type} } [1:12] Dec 26 00:29:27 RequestDemo[966] <Notice>: CFNetwork Diagnostics [1:13] 00:29:27.047 { touchConnection Loader: <CFURLRequest 0x7ff8e8c9ba60 [0x10420ba40]> {url = https://www.biaojiepay.com, cs = 0x0} Timeout Interval: 60.000 seconds } [1:13] Dec 26 00:29:27 RequestDemo[966] <Notice>: CFNetwork Diagnostics [1:14] 00:29:27.047 { Response Complete Request: <CFURLRequest 0x7ff8ea816700 [0x10420ba40]> {url = https://www.biaojiepay.com/, cs = 0x0} } [1:14] Dec 26 00:29:27 RequestDemo[966] <Notice>: CFNetwork Diagnostics [1:15] 00:29:27.047 { Did Finish Loader: <CFURLRequest 0x7ff8e8c9ba60 [0x10420ba40]> {url = https://www.biaojiepay.com, cs = 0x0} init to origin load: 0.021334s total time: 0.15739s total bytes: 10656 } [1:15] Dec 26 00:29:27 RequestDemo[966] <Notice>: CFNetwork Diagnostics [1:16] 00:29:27.048 { touchConnection Loader: <CFURLRequest 0x7ff8e8c9ba60 [0x10420ba40]> {url = https://www.biaojiepay.com, cs = 0x0} Timeout Interval: 60.000 seconds } [1:16] Dec 26 00:29:27 RequestDemo[966] <Notice>: CFNetwork Diagnostics [1:17] 00:29:27.048 { ~HTTPProtocol: nullptr request Request: null sent: 197 received: 3361 cell sent: 0 cell received: 0 } [1:17] Dec 26 00:29:28 RequestDemo[966] <Notice>: CFNetwork Diagnostics [1:18] 00:29:28.914 { DiskCookieStorage Sync Request Forced: no isDirty: no isWriting: no File: <CFURL 0x7ff8e8eb0cb0 [0x10420ba40]>{string = file:///Users/FanLei/Library/Developer/CoreSimulator/Devices/C4192179-66A1-40C6-B09B-095C1248F68E/data/Containers/Data/Application/FE58F06E-B7BC-428E-82AE-0ED0A567ACD1/Library/Cookies/com.biaojiepay.RequestDemo.binarycookies, encoding = 134217984, base = (null)} Journal: yes Mutations: 0 } [1:18]
第二种方式:采用mac自带的命令行查看网络请求日志,即/usr/bin/nscurl --ats-diagnostics --verbose https://www.biaojiepay.com(这个是带上的测试网址)
使用该命令行发送请求测试,我以我公司的官方来测试(本公司服务端已做了https配置,所有验证都会通过Pass)
终端运行结果如下:可以看到全都支持,所以pass通过
Last login: Sun Dec 25 23:55:12 on ttys003 FanLeideMacBook-Pro:~ FanLei$ /usr/bin/nscurl --ats-diagnostics --verbose https://www.biaojiepay.com Starting ATS Diagnostics Configuring ATS Info.plist keys and displaying the result of HTTPS loads to https://www.biaojiepay.com. A test will "PASS" if URLSession:task:didCompleteWithError: returns a nil error. ================================================================================ Default ATS Secure Connection --- ATS Default Connection ATS Dictionary: { } Result : PASS --- ================================================================================ Allowing Arbitrary Loads --- Allow All Loads ATS Dictionary: { NSAllowsArbitraryLoads = true; } Result : PASS --- ================================================================================ Configuring TLS exceptions for www.biaojiepay.com --- TLSv1.2 ATS Dictionary: { NSExceptionDomains = { "www.biaojiepay.com" = { NSExceptionMinimumTLSVersion = "TLSv1.2"; }; }; } Result : PASS --- --- TLSv1.1 ATS Dictionary: { NSExceptionDomains = { "www.biaojiepay.com" = { NSExceptionMinimumTLSVersion = "TLSv1.1"; }; }; } Result : PASS --- --- TLSv1.0 ATS Dictionary: { NSExceptionDomains = { "www.biaojiepay.com" = { NSExceptionMinimumTLSVersion = "TLSv1.0"; }; }; } Result : PASS --- ================================================================================ Configuring PFS exceptions for www.biaojiepay.com --- Disabling Perfect Forward Secrecy ATS Dictionary: { NSExceptionDomains = { "www.biaojiepay.com" = { NSExceptionRequiresForwardSecrecy = false; }; }; } Result : PASS --- ================================================================================ Configuring PFS exceptions and allowing insecure HTTP for www.biaojiepay.com --- Disabling Perfect Forward Secrecy and Allowing Insecure HTTP ATS Dictionary: { NSExceptionDomains = { "www.biaojiepay.com" = { NSExceptionAllowsInsecureHTTPLoads = true; NSExceptionRequiresForwardSecrecy = false; }; }; } Result : PASS --- ================================================================================ Configuring TLS exceptions with PFS disabled for www.biaojiepay.com --- TLSv1.2 with PFS disabled ATS Dictionary: { NSExceptionDomains = { "www.biaojiepay.com" = { NSExceptionMinimumTLSVersion = "TLSv1.2"; NSExceptionRequiresForwardSecrecy = false; }; }; } Result : PASS --- --- TLSv1.1 with PFS disabled ATS Dictionary: { NSExceptionDomains = { "www.biaojiepay.com" = { NSExceptionMinimumTLSVersion = "TLSv1.1"; NSExceptionRequiresForwardSecrecy = false; }; }; } Result : PASS --- --- TLSv1.0 with PFS disabled ATS Dictionary: { NSExceptionDomains = { "www.biaojiepay.com" = { NSExceptionMinimumTLSVersion = "TLSv1.0"; NSExceptionRequiresForwardSecrecy = false; }; }; } Result : PASS --- ================================================================================ Configuring TLS exceptions with PFS disabled and insecure HTTP allowed for www.biaojiepay.com --- TLSv1.2 with PFS disabled and insecure HTTP allowed ATS Dictionary: { NSExceptionDomains = { "www.biaojiepay.com" = { NSExceptionAllowsInsecureHTTPLoads = true; NSExceptionMinimumTLSVersion = "TLSv1.2"; NSExceptionRequiresForwardSecrecy = false; }; }; } Result : PASS --- --- TLSv1.1 with PFS disabled and insecure HTTP allowed ATS Dictionary: { NSExceptionDomains = { "www.biaojiepay.com" = { NSExceptionAllowsInsecureHTTPLoads = true; NSExceptionMinimumTLSVersion = "TLSv1.1"; NSExceptionRequiresForwardSecrecy = false; }; }; } Result : PASS --- --- TLSv1.0 with PFS disabled and insecure HTTP allowed ATS Dictionary: { NSExceptionDomains = { "www.biaojiepay.com" = { NSExceptionAllowsInsecureHTTPLoads = true; NSExceptionMinimumTLSVersion = "TLSv1.0"; NSExceptionRequiresForwardSecrecy = false; }; }; } Result : PASS --- ================================================================================ FanLeideMacBook-Pro:~ FanLei$
第三种方式:如果是服务端的问题,可以采用TLSTool来帮助你定位。(坑:TSLTool不能再Xcode8下编译)
先下载工具编译后,再在终端测试示例:我以我公司的官方来测试,端口443(本公司服务端已做了https配置,所有验证都会通过Pass)
./TLSTool s_client -connect www.biaojiepay.com:443 GET https://www.biaojiepay.com HTTP/1.1 Host: www.biajiepay.com