Permalink
Browse files

[Issue #2619] Default validatesDomainName property to YES

  • Loading branch information...
mattt committed Mar 27, 2015
1 parent b0dd3d9 commit 3e631b203dd95bb82dfbcc2c47a2d84b59d1eeb4
Showing with 2 additions and 17 deletions.
  1. +1 −1 AFNetworking/AFSecurityPolicy.h
  2. +1 −16 AFNetworking/AFSecurityPolicy.m
@@ -57,7 +57,7 @@ typedef NS_ENUM(NSUInteger, AFSSLPinningMode) {
@property (nonatomic, assign) BOOL allowInvalidCertificates;
/**
Whether or not to validate the domain name in the certificate's CN field. Defaults to `YES` for `AFSSLPinningModePublicKey` or `AFSSLPinningModeCertificate`, otherwise `NO`.
Whether or not to validate the domain name in the certificate's CN field. Defaults to `YES`.
*/
@property (nonatomic, assign) BOOL validatesDomainName;
@@ -198,26 +198,11 @@ - (id)init {
}
self.validatesCertificateChain = YES;
self.validatesDomainName = YES;
return self;
}
#pragma mark -
- (void)setSSLPinningMode:(AFSSLPinningMode)SSLPinningMode {
_SSLPinningMode = SSLPinningMode;
switch (self.SSLPinningMode) {
case AFSSLPinningModePublicKey:
case AFSSLPinningModeCertificate:
self.validatesDomainName = YES;
break;
default:
self.validatesDomainName = NO;
break;
}
}
- (void)setPinnedCertificates:(NSArray *)pinnedCertificates {
_pinnedCertificates = pinnedCertificates;

1 comment on commit 3e631b2

@natecode

This comment has been minimized.

Show comment
Hide comment
@natecode

natecode Apr 17, 2015

@mattt, as I understand it, this flaw means that an attacker can present any valid certificate and the CNAME will not be checked. I could use a Verisign cert for "nate.com" to MITM your connections to "yourbank.com". However, this commit was not released in 2.5.2 along with the other SSL cert validation fix so developers using 2.5.2 are not safe against this yet.

In both cases, apps that are using pinning (either cert or public key) are not vulnerable to either of these flaws. Is this also correct? Thanks.

natecode commented on 3e631b2 Apr 17, 2015

@mattt, as I understand it, this flaw means that an attacker can present any valid certificate and the CNAME will not be checked. I could use a Verisign cert for "nate.com" to MITM your connections to "yourbank.com". However, this commit was not released in 2.5.2 along with the other SSL cert validation fix so developers using 2.5.2 are not safe against this yet.

In both cases, apps that are using pinning (either cert or public key) are not vulnerable to either of these flaws. Is this also correct? Thanks.

Please sign in to comment.