Easy SSL pinning validation and reporting for iOS, macOS, tvOS and watchOS.
MIT License
Bot releases are visible (Hide)
Published by nabla-c0d3 about 8 years ago
[TrustKit setLoggerBlock:]
for overriding and customizing TrustKit's logging functionality.[TSKPinningValidator handleChallenge:completionHandler:]
to make it easy to implement pinning validation in NSURLSession
and WKWebView
delegates.SecKey
APIs, instead of leveraging the device's Keychain. This significantly simplifies and speeds up pinning validation.IOKit
as a dependency.domain-registry-provider
, OCMock
) with the corresponding source code.Published by nabla-c0d3 over 8 years ago
kTSKAlgorithm
) for a single domain.Published by nabla-c0d3 over 8 years ago
"trustkit-version"
: the version number of the TrustKit library embedded within the App."enforce-pinning"
: whether TrustKit was configured to block the connection.SecTrustRef
object being unexpectedly released.kTSKSwizzleNetworkDelegates
setting, which controls whether the App's network delegates should be swizzled to automatically add SSL pinning validation. See the Getting Started guide for more information.Published by nabla-c0d3 over 8 years ago
NSNotifications
(posted under the kTSKValidationCompletedNotification
name) to allow Apps to be notified when TrustKit performed an SSL pinning validation for a connection. These notifications can be used for performance measurement or to act upon any pinning validation performed by TrustKit (for example to customize the reporting mechanism). More information is available in the documentation.Published by nabla-c0d3 over 8 years ago
TSKPinningValidator
to reject invalid certificate chains when TrustKit is configured to not enforce pinning.Published by nabla-c0d3 over 8 years ago
Published by nabla-c0d3 almost 9 years ago
_Nonnull
annotations to NS_ASSUME_NONNULL
audited regions, in order to make TrustKit compatible with older versions of Xcode (6.3 and 6.4).Published by nabla-c0d3 almost 9 years ago
AccessibleAfterFirstUnlock
.IOS
or OSX
.Published by nabla-c0d3 almost 9 years ago
Published by nabla-c0d3 about 9 years ago
NSURLSession
and NSURLConnection
delegates to add pinning validation to the delegate's authentication handler methods; for developers who want to call into TrustKit manually, this behavior can be disabled using the TSKSwizzleNetworkDelegates
setting. This change was made due to the previous hooking strategy (targeting SecureTransport) not working on iOS 9.TSKSwizzleNetworkDelegates
, TSKIgnorePinningForUserDefinedTrustAnchors
, TSKPinnedDomains
. If you have an existing pinning policy for TrustKit 1.1.3, all you need to do is put it under the TSKPinnedDomains
key.TSKPinningValidator
API to make it easy to write authentication handlers that enforce the App's SSL pinning policy. Sample code describing how to do it is available in the documentation.Published by nabla-c0d3 about 9 years ago
Published by nabla-c0d3 about 9 years ago
Published by nabla-c0d3 over 9 years ago
TSKIncludeSubdomains
enabled.Published by nabla-c0d3 over 9 years ago
TSKIgnorePinningForUserDefinedTrustAnchors
configuration setting to skip pinning validation if the server's certificate chain terminates at a user-defined trust anchor. This is useful for allowing SSL connections through corporate proxies or firewalls. Only available on OS X.validation-result
field, in order to help troubleshoot pin validation failures.TSKPinVerifier
to TSKPinningValidator
. Also, the class will now send reports when pin validation failures occur.kTSKEnforcePinning
is set to NO
, no SSL connections will be blocked at all. In previous versions, SSL connections where the evaluation of the certificate chain failed (ie. "standard" certificate validation) would be blocked regardless of kTSKEnforcePinning
.Published by nabla-c0d3 over 9 years ago
kTSKIncludeSubdomains
, where two unrelated domains would be interpreted as subdomains of each other.Published by nabla-c0d3 over 9 years ago
Initial release.