Comments (7)
Hello,
Regarding your first question, you could either pin all the subdomains of a given domain (if your URLs are something like tenant-name.yourdomain.com) using kTSKIncludeSubdomains
, or you could set the TrustKit configuration within your App only after the final tenant-specific domain has been discovered.
Once a pinning configuration is set, there is no way to change it.
For RestKit, I am not familiar with this library so I don't know exactly error handling would work there.
Hope this helps!
from trustkit.
Thanks, I'll try this. Also, can you please tell me what's appropriate way to generate SPKI hash ? For example, how did you manage to generate "lCppFqbkrlJ3EcVFAkeip0+44VaoJUymbnOaEUk7tEU=" for www.datatheorem.com. Do I need a private key for this ?
from trustkit.
Another question... Is the only way to include SSL pinning with UIWebView by using NSURLSessionDataTask to ping server and check certificate and then loading web view data with i.e. loadRequest ? I saw this in your demo project and couldn't find more examples on this topic.
from trustkit.
To generate the SPKI hashes, you can use the get_pin_from_certificate.py script within the repo.
For your UIWebView idea, you should not implement what you described because it would not add any security (it wouldn't be pinning). The pinning check needs to happen on every connection, otherwise an attacker could selectively target the specific (UIWebView) connections that do not do the SSL pinning check.
from trustkit.
Thanks, I had some issues with HTTP cookies leftovers, that is why I wasn't able to do SSL pinning correctly. Everything is fine now.
from trustkit.
I'm currently left with handling preview of remote documents inside a UIWebView. By far, I didn't manage to find any way to enable SSL pinning for these cases. Can I accomplish this with NSURLSessionDataTask? Sorry to bother you like this, tell me if there's more suitable way.
from trustkit.
It is difficult to do pinning in a UIWebView and WKWebView provides better APIs for this. There's a specific section about that in the "Getting Started" guide (http://datatheorem.github.io/TrustKit/getting-started.html); look at "Pinning in Webviews".
Good luck!
from trustkit.
Related Issues (20)
- I am getting issue domain is not pinned HOT 2
- Support for iOS 12 & 13 needed HOT 2
- Trustkit not building on Xcode 14.3 HOT 2
- Build warning bitcode is enabled.
- build error on ios libTrustKit_Static.a HOT 3
- Random crash - TrustKit was not initialized
- Crash at ssl_pin_verifier.m - Line 43 HOT 4
- Crash at getCertificateAtIndex HOT 4
- Error when try build for Mac Catalyst
- Crash when app is restarted
- Crash in TrustKit initWithConfiguration:sharedContainerIdentifier:isSingleton:
- IOS17 support Trust Kit Crash (iphone15 physical) HOT 2
- TrustKit initialisation fully blocks the main thread in NotificationServiceExtension if its attempted before first unlock.
- TrustKitDynamic is not building HOT 1
- _SecTrustCopyCertificateChain getting EXC_BAD_ACCESS HOT 3
- VisionOS support
- Apple's update to their API policy - Required Reason in Privacy manifest HOT 4
- TrustKit crash only in production environment HOT 1
- [Bug] No longer working HOT 1
- If switch the calendar on your phone to the Japanese calendar, it may cause a date format error.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from trustkit.