SSL握手失败,即使在iOS上为Charles代理证书授予完全信任。

huangapple go评论109阅读模式
英文:

Getting SSL handshake failed for Charles Proxy certificate on iOS even after granting full trust

问题

我不要回答你要翻译的问题。以下是要翻译的内容:

我在iOS 16.1的Charles代理中不断收到以下错误:

SSL握手与客户端失败 - 远程主机终止了握手

这应该表明证书不受信任,但我已在iPhone设置中授予了完全信任。

以下是重现步骤:

  1. 在macOS上下载并安装Charles代理,并启用SSL代理。HTTP代理端口设置为8888。
  2. 在iPhone上,在Wi-Fi设置中启用手动代理,并输入计算机的IP和端口8888。
  3. 然后在Charles代理中会出现对话框,需要点击"允许"。
  4. 在iPhone上转到chls.pro/ssl以下载证书。
  5. 在iPhone的设置中安装一个新的带有证书的配置文件。
  6. 然后在设置 -> 通用 -> 关于 -> 证书信任设置中将证书的开关设置为打开。

我可以在Charles代理中看到请求,但它们都带有SSL握手错误。此外,iPhone上的Safari返回错误消息"此连接不是私密连接"。

有人可以解释我做错了什么吗?

以下是来自证书信任设置的屏幕截图。

SSL握手失败,即使在iOS上为Charles代理证书授予完全信任。

英文:

I am constantly getting

> SSL handshake with client failed - Remote host terminated the
> handshake

error in Charles Proxy from iOS 16.1, which should indicate that certificate isn't trusted, but I granted full trust in the iPhone settings.

Here are steps to reproduce:

  1. Download and install Charles Proxy on macOS and enable SSL Proxying. HTTP proxy port is set to 8888
  2. On iPhone, in wifi settings enable manual proxy and enter the computer's IP and port 8888
  3. Then dialog will appear in Charles Proxy on which need to click "Allow"
  4. On iPhone go to chls.pro/ssl in order to download the certificate
  5. In iPhone's settings install a new profile with a certificate.
  6. Then in Settings -> General -> About -> Certificate Trust Settings set the switch for the certificate to on.

I can see requests in Charles Proxy but they all are with SSL handshake error. Also, Safari on iPhone returns the error "This Connection Is Not Private"

Can someone explain what am I doing wrong?

Here is the screenshot from the Certificate Trust Settings.

SSL握手失败,即使在iOS上为Charles代理证书授予完全信任。

答案1

得分: 8

终于,我找到了问题所在。在我的情况下,问题是由于证书过期引起的。为了修复它,需要前往 帮助 -> SSL代理 -> 重置Charles根证书...。它将生成一个新证书。然后需要安装它并信任它。

我之前没有注意到这个问题,因为我之前只在Android上工作,它不会检查证书是否过期,而iOS会。

由于我之前找不到类似情况的故障排除清单,我会在这里提到它。希望它能帮助到某人:

  1. 确保 启用SSL代理代理 -> SSL代理设置... 中已启用。
  2. 检查 排除 列表是否包含您尝试录制的位置。
  3. 检查 代理 -> 录制设置 中是否有不必要的排除或包含。
  4. 检查目标设备是否连接到与计算机相同的Wi-Fi点。
  5. 检查目标设备上的Wi-Fi代理是否已启用。
  6. 检查目标设备上的Wi-Fi代理是否正常工作。可以通过输入不正确的代理IP并尝试通过浏览器访问互联网来检查。如果代理正常工作,将无法访问互联网。(注意:在撰写本答案时,某些带有iOS 16的iPhone可能没有正常工作的代理。更多信息在这里
  7. 检查代理是否配置了正确的IP和端口。
  8. 检查目标设备是否安装了Charles的证书。
  9. 检查目标设备是否信任Charles的证书。
  10. 检查Charles的证书是否过期。如果过期了,前往 帮助 -> SSL代理 -> 重置Charles根证书... 并重新安装证书。
    11.(适用于Android)检查目标应用程序是否在 AndroidManifest.xml 中引用了 network_security_config.xml
英文:

Finally, I found the problem. In my case, it was an expired certificate. In order to fix it, it is necessary to go to Help -> SSL Proxying -> Reset Charles Root Certificate.... It will generate a new one. Then it is needed to install it and grant trust to it.

I wasn't noticing it because before I was working only with Android and it didn't check if a certificate was expired, unlike iOS.

Because I wasn't been able to find any troubleshooting checklist for similar situations I will mention it here. Hopefully, it will help somebody:

  1. Make sure that Enable SSL Proxying is enabled in Proxy -> SSL Proxying Settings...
  2. Check that the Exclude list doesn't contain the locations that you are trying to record.
  3. Check that Proxy -> Record Settings doesn't have unneeded excludes or includes
  4. Check if your target device is connected to the same wifi point as a computer.
  5. Check if the wifi proxy on the target device is enabled.
  6. Check if the wifi proxy on the target device is working. It is possible to check by entering incorrect proxy IP and trying to access the internet through a browser. If the proxy is working there will be no access to the Internet. (Note: at the time of writing this answer some iPhones with iOS 16 do have not a working proxy. More info here)
  7. Check if the proxy is configured with the correct IP and port
  8. Check if the target device has Charles's certificate installed
  9. Check if the target device trusts Charles's certificate
  10. Check if Charles's certificate isn't expired. If it is, go to Help -> SSL Proxying -> Reset Charles Root Certificate... and reinstall the certificate.
  11. (for Android) Check if the target app has network_security_config.xml referenced in AndroidManifest.xml

答案2

得分: 1

Updating to the latest version of Charles (4.6.4 at time of writing) fixed the issue for me.

英文:

Updating to the latest version of Charles (4.6.4 at time of writing) fixed the issue for me.

答案3

得分: 0

如果您遇到iOS设备上的证书过期问题,请确保在重新创建新证书后重新启动Charles应用程序本身。

  1. 帮助 -> SSL代理 -> 重置Charles根证书...
  2. 按照帮助框中的指南导航到chls.pro/ssl
  3. 安装证书
  4. 设置 -> 关于 -> 证书信任设置 -> 切换新证书中启用信任设置
  5. 重新启动Charles应用程序
英文:

If your issue was expired certificate on iOS device, make sure to restart charles app itself after you re-create a new certificate.

  1. Help -> SSL Proxying -> Reset Charles Root Certificate...
  2. Follow the guide in the help box to navigate to chls.pro/ssl
  3. Install the certificate
  4. Enable the trust settings in Settings -> About -> Certificate Trust Settings -> Toggle new certificate on
  5. Restart Charles app

huangapple
  • 本文由 发表于 2023年2月8日 23:54:42
  • 转载请务必保留本文链接:https://go.coder-hub.com/75388382.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定