ios - How to compare SSL certificates using AFNetworking -


in iphone app i'm using https connection self-signed ssl certificate download sensible data (username , password) server.

this app private use only, not meant production.

i'm using afnetworking manage https connection but, since certificate isn't signed ca, in order make work had add following header of afurlconnectionoperation class:

#define _afnetworking_allow_invalid_ssl_certificates_ 1

but app allow certificate.

is there way allow certificate server maybe bundling in app , comparing certificate provided server in https connection? , if possible, there significant advantage in terms of security?

i'm new security , i'm kind of confused.

the term you're looking ssl pinning, app verifies known certificate or public key matches 1 presented remote server.

afnetworking supports both pinning certificates or public keys. you'll need add certificate(s) or public key(s) app's bundle, , enable feature setting either defaultsslpinningmode property on afhttpclient or sslpinningmode property on afurlconnectionoperation.

you can pin using afsslpinningmodepublickey or afsslpinningmodecertificate. afsslpinningmodecertificate means server's certificate must match 1 of in bundle.

afsslpinningmodepublickey more liberal , means server's certificate must match public key in bundle, or public key attached certificates in bundle.

there's example of setting pinning mode in appdotnet example.


Comments

Post a Comment

Popular posts from this blog

javascript - RequestAnimationFrame not working when exiting fullscreen switching space on Safari -

request animation frame stops working when exiting fullscreen clicking on original space's safari window. fine if fullscreen mode canceled escape key or calling cancelfullscreen(). steps reproduce: open https://dl.dropboxusercontent.com/u/769042/prezi/safari-fullscreen.html click "draw raf", kittie appears click "fullscreen", go fullscreen click "draw raf", kittie appears go space original safari was, showing "click exit fullscreen mode", click anywhere, out fullscreen click "draw raf", nothing happens what handling click calling: window.requestanimationframe(draw); which draws on canvas context: function draw() { ctx.drawimage(img, math.random()*500|0, math.random()*400|0, 100, 100); } i checked .hidden , .visibilitystate, updated correctly. tested on osx 10.9.3, safari 7.0.4 (9537.76.4). has workaround/solution other switching old settimeout? this sounds webkit bug 88940 : using reque
Read more

Python ctypes access violation with const pointer arguments -

i have api i'm trying wrap in python (2.7.6 on win7) code using ctypes. here's api: client_dllfunc bool clientapi search_exporttoclipcopy(clienthsearch handle, int channel, lpctstr filename, const time_t& from, const time_t& to, const bool* cameras, int length, bool usepassword, lpctstr password, bool includetextin = false, bool excludeplayer = false); the issue i'm having cameras argument; , i've had issue other const pointer arguments well. here's how i'm wrapping api: def search_exporttoclipcopy(self, hsearch, csearch, filename, tfrom, tto, cameras, length, usepassword, password, includetextin=true, excludeplayer=false): exporttoclipcopy = self.sdkdll.search_exporttoclipcopy exporttoclipcopy.argtypes = [c_int, c_int, c_wchar_p, c_long, c_long, pointer(c_bool), c_int, c_bool, c_wchar_p, c_bool, c_bool] exporttoclipcopy.restype = c_bool exporttoclipcopy(hsearch, csearch, filename, tfrom, tto, cameras, length, usepassword, pass
Read more