Skip to content
master
Go to file
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 

README.md

Xamarin.SSLPinning

Test project to setup SSL pinning with Xamarin

Looking for a workaround for blog post here

Basically I did the following to get this to work:

  • Dumped Xamarin's source for NSUrlSessionHandler.cs and its code in HttpClientEx.cs
  • Figured out a quick command to export certificate
  • Wrote some C# code ported from Obj-C here

My code:

var serverCertChain = challenge.ProtectionSpace.ServerSecTrust;
var first = serverCertChain[0].DerData;
var cert = NSData.FromFile("httpbin.cer");
if (first.IsEqual(cert))
{
    completionHandler(NSUrlSessionAuthChallengeDisposition.PerformDefaultHandling, challenge.ProposedCredential);
}
else
{
    completionHandler(NSUrlSessionAuthChallengeDisposition.RejectProtectionSpace, null);
}

NOTE: you may want to do some checks for empty array & reuse NSData for better performance

MORE NOTE: I would not ship the public key as a flat file in your app, place it somewhere safe inside an assembly so an attacker will not easily replace it with their own

If you need to get the cert for your own site, run the command:

openssl s_client -connect httpbin.org:443 | openssl x509 -outform DER > httpbin.cer

Replace httpbin with your domain.

If Xamarin could somehow expose DidReceiveChallenge that would be awesome!

About

Test project to setup SSL pinning with Xamarin.iOS

Topics

Resources

License

Releases

No releases published

Languages

You can’t perform that action at this time.