parse-php-sdk icon indicating copy to clipboard operation
parse-php-sdk copied to clipboard
verified publisher icon parse-community

Certificate Pinning

Open kingmatusevich opened this issue 9 years ago • 3 comments

The SDKs should be compatible with pinned certificates for connecting to the Parse Servers, allowing for faster, safer deployment, particularly in small or internal deployments.

kingmatusevich avatar Jan 29 '16 20:01 kingmatusevich

@montymxb @kingmatusevich is this issue closed?

davidtavarez avatar Nov 28 '17 12:11 davidtavarez

@davidtavarez Nope, it is still open and still something we are happy to implement in the future; but no work has started on this yet.

montymxb avatar Nov 29 '17 08:11 montymxb

Doesn't ParseClient::setCAFile already kinda does this? I can add a valid test for this.

What other types of SSL/TLS check would be needed? (That would support both cURL and stream_context).

dplewis avatar Jul 19 '19 02:07 dplewis

This can be achieved by creating your own HTTP client and pass in your SSL/TLS options

ParseClient::setHttpClient(new CustomHTTPClient());

https://github.com/parse-community/parse-php-sdk#http-clients

We could add ParseClient::setOptions() to support certificate pinning out of the box for both cURL and stream clients. This would also support any of the many other features for cURL and stream context.

dplewis avatar May 11 '23 16:05 dplewis

For those interested I added an example for public key pinning, cert fingerprint checking, peer verification in PHP and JavaScript (not really a thing in javascript but useful) using self signed certs https://github.com/parse-community/parse-php-sdk/pull/513

dplewis avatar May 13 '23 16:05 dplewis