Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.Sign up
Certificate pinning using NSUrlSessionHandler #4170
Steps to Reproduce
I expected to be able to implement a delegate, such as NSUrlSessionDataDelegate, or event like
NSUrlSessionHandlerDelegate is private and contains a bunch of the necessary logic for NSUrlSessionHandler to even function.
NSUrlSession which uses the delegate is a private readonly member variable, so it cannot easily be set either.
The only way to implement this for NSUrlSessionHandler is to yank the code from this repository and modify it. Which isn't really an optimal solution.
It is a similar story with Android, no out of the box hooks into the events for validating certificates, just like you get with the managed implementation and ServicePointManager.
Thanks for the report. I will take a look ASAP on a possible solution that will not change the API in a breaking mode and will push it.
We have not had a user with this need, so we never implemented it.
As a work around, is it possible for you to try the other handlers and see if they provide what you need?
@mandel-macaque I would assume that besides us, there's a ton of other people interested in this. managed handler is not an option for us, as it does not support TLS1.2 on iOS (or does it now?) and the server only talks TLS1.2. Patching framework classes is a pain in the a**, as you constantly need to track and re-sync updates. Best way would be that the NSUrlSessionHandler would trigger ServicePointManager.ServerCertificateValidationCallback and implement it's error handling accordingly.
We are also having this issue. We need TLS 1.2 support (and therefor NSUrlSessionHandler), but also want to implement certificate pinning. To achieve this we want to override the NSUrlSessionHandlerDelegate:DidReceiveChallenge.
We also tried ServicePointManager.ServerCertificateValidationCallback, but this callback isn't triggered when using any other handler than the Managed one. When using the native ModernHttpClient handlers, the ServicePointManager.ServerCertificateValidationCallback is being called, but unfortunately ModernHttpClient isn't maintained anymore. It would be great to have NSUrlSessionHandler also trigger ServicePointManager.ServerCertificateValidationCallback.
referenced this issue
Jun 19, 2018
added a commit
Mar 6, 2019
Just added a detailed reply to that PR. Short summary:
You do not want to use
Yes, it will happen in all native handlers.
It's supposed to land by the end of March.