Swish icon indicating copy to clipboard operation
Swish copied to clipboard
verified publisher icon thoughtbot

Add SSL Pinning NSURLSession

Open gfontenot opened this issue 10 years ago • 4 comments

This seems like it's going to get real hairy real quick (and I know nothing about this stuff) but it's definitely something we should look into.

I'm thinking that we could maybe provide an NSURL session subclass that uses SSL pinning. It wouldn't be the default, but it'd be part of the public API. The idea would be that you can then instantiate your API Client with the pinned session object like so:

let cert: NSData // fetch from the bundle or whatever
let session = PinnedSession(cert: cert)
let client = APIClient(session: session)

gfontenot avatar Nov 29 '15 03:11 gfontenot

@gfontenot did you mean like this instead?

let cert: NSData
let session = PinnedSession(cert: cert)
let requestPerformer = NetworkRequestPerformer(session: session)
let client = APIClient(requestPerformer: requestPerformer)

paulyoung avatar Nov 30 '15 13:11 paulyoung

@paulyoung Ha, yes.

Maybe we could expose a performer instead, to simplify that API?

let cert: Data
let performer = PinnedRequestPerformer(cert: cert)
let client = APIClient(requestPerformer: performer)

gfontenot avatar Nov 30 '15 18:11 gfontenot

:+1:

paulyoung avatar Nov 30 '15 18:11 paulyoung

What solution do you have for SSL Pinning when using Swish?. I have tried with TrustKit, but it seems to not swizzle the calls.

martias avatar Feb 26 '18 13:02 martias