SSL Pinning and/or CA Restriction Support #307

Open
jakehow opened this Issue · 2 comments

2 participants

@jakehow

I am not sure if this is possible with the frameworks available in iOS, but thought this may be a good place for discussion.

For background see: http://www.imperialviolet.org/2011/05/04/pinning.html
and: http://tools.ietf.org/html/draft-evans-palmer-hsts-pinning

We would like to be able to limit SSL communication in our application to using specified certificates, in order to eliminate the risks mentioned in the imperial violet article such as a rooted CA issuing a certificate to a rogue third party.

@jogu
Collaborator

There's some discussion about how a similar sounding concept might be implemented here:

http://groups.google.com/group/asihttprequest/browse_thread/thread/63282c47943a2f95?pli=1

With the way ASIHTTPRequest is written, it doesn't seem to be entirely possible (you can't verify the certificate before data is sent to the server). I don't know if any of the NSURLConnection based approaches would allow this to be done.

@jakehow

Cool, also found this which may help frame the issue:

http://blog.securemacprogramming.com/2011/12/on-ssl-pinning-for-cocoa-touch/
