Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
Added new server trust policy: Revocation #1822
Could you provide a detailed writeup of this set of changes, the problems you were trying to solve and how the tests verify the behavior? The more detail the better. This will not only be for our own knowledge, but for those in the future to refer back to this ticket.
Here are information of this changes.
[1. About this change]
Alamofire also enable trust policy revocation if user wanna check server certificates is revoked.
[2. What solves this change]
[3. How to test this change]
And also I added to unit test. It checks revoked server: https://revoked.badssl.com.
First off let me apologize for taking so long to go through this. Your patience is appreciated. I can also say that I'm very glad I waited until I had enough time to go through this throughly. The tests took me forever to understand exactly what's happening across all the versions of all platforms.
With that said, thank you so much for your efforts here on this PR. It's greatly appreciated! I've picked this PR apart into a bunch of different commits to test all the functionality and for my own understanding. Here's a breakdown of what I've added and modified in this PR.
What I was amazed to find is that it appears Apple has started enabling automatic revocation testing in the latest platforms (iOS 10.1+), but the test suite is so finicky that I had to disable the tests. Thankfully on all platforms, enabling revocation testing directly does result in consistent behavior.
Through most of my testing, I think you really want to weigh the tradeoffs of using
Overall, thank you so much for bringing the revocation testing to our attention and going the extra step to implement it. I think this is a great addition to the Alamofire core library and we really appreciate you taking the time to put this all together. Great work!
Just FYI...these changes will ship as part of Alamofire 4.3.0 here shortly.