bustoutsolutions / siesta

The civilized way to write REST API clients for iOS / macOS
https://bustoutsolutions.github.io/siesta/
MIT License

Certificate pinning support #18

Closed lifeisfoo closed 8 years ago

lifeisfoo commented 8 years ago

A common way to add SSL pinning support in iOS apps is to use the NSURLConnectionDelegate to define a custom didReceiveAuthenticationChallenge. How can this security feature be added to the Siesta framework?

For a complete example see the OWASP website.

pcantrell commented 8 years ago

By default, Siesta uses NSURLSession and not NSURLConnection, so look up instructions on how to do certificate pinning with an NSURLSessionDelegate instead of an NSURLConnectionDelegate.

Configure an NSURLSession with your custom NSURLSessionDelegate just as you would without Siesta. Then pass the NSURLSession as your networking provider when you create the Siesta service.

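// Session whose delegate answers the TLS server-trust challenge (the pinning check lives there)
let certificatePinningSession = NSURLSession(
    configuration: NSURLSessionConfiguration.ephemeralSessionConfiguration(),
    delegate: MyCustomSessionPinningDelegate(),
    delegateQueue: nil)
// Pinning only applies to TLS connections, so the base URL must be https
let myService = Service(baseURL: "https://what.ever", networking: certificatePinningSession)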

You might also take a look at the SSL conveniences provided by Alamofire (which you can also use with Siesta).

Finally — or I should say first! — consider using TrustKit instead of configuring it manually.
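
One possible implementation of the `MyCustomSessionPinningDelegate` named in the snippet above, as an added example that is not code from this thread or from Siesta. It uses the current Swift names (`URLSession` rather than `NSURLSession`), assumes iOS 13 / macOS 10.15 or later for CryptoKit, and takes the pinned hashes through a hypothetical `pinnedCertHashes` parameter; the pin value shown is a placeholder.

```swift
import Foundation
import Security
import CryptoKit

final class MyCustomSessionPinningDelegate: NSObject, URLSessionDelegate {
    // Lowercase hex SHA-256 digests of the DER-encoded certificates you accept.
    // Ship a backup pin too, so a certificate rotation does not lock clients out.
    private let pinnedCertHashes: Set<String>

    init(pinnedCertHashes: Set<String>) {
        self.pinnedCertHashes = pinnedCertHashes
    }

    func urlSession(_ session: URLSession,
                    didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
        // Only server-trust challenges are handled here; everything else gets default handling.
        guard challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust,
              let trust = challenge.protectionSpace.serverTrust else {
            completionHandler(.performDefaultHandling, nil)
            return
        }
        // Run the normal chain and hostname evaluation first: the pin is an
        // additional check on top of system trust, never a replacement for it.
        // (SecTrustGetCertificateAtIndex is deprecated from iOS 15 / macOS 12;
        // SecTrustCopyCertificateChain is its replacement there.)
        var error: CFError?
        guard SecTrustEvaluateWithError(trust, &error),
              let leaf = SecTrustGetCertificateAtIndex(trust, 0) else {
            completionHandler(.cancelAuthenticationChallenge, nil)
            return
        }
        let der = SecCertificateCopyData(leaf) as Data
        let hash = SHA256.hash(data: der).map { String(format: "%02x", $0) }.joined()
        if pinnedCertHashes.contains(hash) {
            completionHandler(.useCredential, URLCredential(trust: trust))
        } else {
            // Fail closed: an unpinned certificate cancels the connection.
            completionHandler(.cancelAuthenticationChallenge, nil)
        }
    }
}

// Placeholder pin: substitute the digest of your own server certificate.
let certificatePinningSession = URLSession(
    configuration: .ephemeral,
    delegate: MyCustomSessionPinningDelegate(pinnedCertHashes: ["<hex SHA-256 of certificate DER>"]),
    delegateQueue: nil)
```

The resulting session is passed to `Service(baseURL:networking:)` exactly as in the snippet above.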