我目前可以使用 Alamofire 和 SSL 固定在我的 IOS 应用程序上登录我的公司网站。

但是我无法登录到我网站的子域。 我的代码中是否缺少任何特殊配置，以便能够与我的子域建立 SSL 通信？

1. 我在应用程序包中添加了证书文件 .cer
2. 创建 [SecCertificate]

func loadcertificate()->[SecCertificate]{
        guard let pathToCert = Bundle.main.path(forResource: "amua",ofType: "cer") else {fatalError("can not find")}
        guard let localCertificate = NSData(contentsOfFile: pathToCert) else {fatalError("can not load")}
        guard let cert = SecCertificateCreateWithData(nil,localCertificate) else {fatalError("can not read cert")}
        
        return  [cert]
    }

3. 创建 Alamofire 会话和连接请求：

 func connection() {
        sessionManager = Session(configuration: URLSessionConfiguration.default)
        
        let evaluator = PinnedCertificatesTrustEvaluator(certificates: loadcertificate(),acceptSelfSignedCertificates: false,performDefaultValidation: true,validateHost: true)
        
        let ServerTrustManager = ServerTrustManager(allHostsMustBeEvaluated: false,evaluators:
                                                        ["airmacau.com.mo" : evaluator])
        sessionManager = Session(configuration: URLSessionConfiguration.default,delegate: SessionDelegate(),serverTrustManager: ServerTrustManager)
        
        
        sessionManager?.request("https://icrew.airmacau.com.mo",method: .get,encoding: URLEncoding.default)
            
            .response { response in
                if let st = response.data {
                    let str = String(decoding: st,as: UTF8.self)
                    do {
                        print("OK")
                        let doc: Document = try SwiftSoup.parse(str)
                        print(doc)
                    }catch let err  {
                        print("ERRORE .get icrew")
                        print(err.localizedDescription)
                    }
                    
                    
                }
            }
    }
}

如果我连接到主网站地址 https://www.airmacau.com.mo 一切正常，如果我连接到子域 https://icrew.airmacau.com.mo 连接失败，我收到错误 HANDSHAKE_FAILURE

解决方法

class WildcardServerTrustPolicyManager: ServerTrustManager {
    override func serverTrustEvaluator(forHost host: String) throws -> ServerTrustEvaluating? {
        if let policy = evaluators[host] {
            return policy
        }
        var domainComponents = host.split(separator: ".")
        if domainComponents.count > 2 {
            domainComponents[0] = "*"
            let wildcardHost = domainComponents.joined(separator: ".")
            return evaluators[wildcardHost]
        }
        return nil
    }
}

 let evaluators: [String: ServerTrustEvaluating] = [
        "*.airmacau.com.mo": evaluator
    ]

    let manager = WildcardServerTrustPolicyManager(evaluators: evaluators)

sessionManager = Session(configuration: URLSessionConfiguration.default,delegate: SessionDelegate(),serverTrustManager: manager)