search

datatheorem / TrustKit

Easy SSL pinning validation and reporting for iOS, macOS, tvOS and watchOS.
MIT License
2.01k stars 362 forks source link

Ignoring domains #254

Closed jonathanroze closed 3 years ago

jonathanroze commented 3 years ago

Hi,

I setup TrustKit SDK in my app and it works well for my API.

But I've these errors when I set AppLovin SDK

2021-05-04 15:44:49.582557+0200 App[18480:4780471] TrustKit log: WARNING: +sendSynchronousRequest:returningResponse:error: was called to connect to ms.applovin.com. This method does not expose a delegate argument for handling authentication challenges; TrustKit cannot enforce SSL pinning for these connections
2021-05-04 15:44:49.962238+0200 App[18480:4780470] TrustKit log: Domain <...>.ingest.sentry.io is not pinned
2021-05-04 15:44:49.968290+0200 App[18480:4780293] Received pinning validation notification:
2021-05-04 15:44:50.485969+0200 App[18480:4780470] TrustKit log: WARNING: +sendSynchronousRequest:returningResponse:error: was called to connect to d.applovin.com. This method does not expose a delegate argument for handling authentication challenges; TrustKit cannot enforce SSL pinning for these connections
2021-05-04 15:44:50.490362+0200 App[18480:4780508] TrustKit log: WARNING: +sendSynchronousRequest:returningResponse:error: was called to connect to rt.applovin.com. This method does not expose a delegate argument for handling authentication challenges; TrustKit cannot enforce SSL pinning for these connections
2021-05-04 15:44:50.491925+0200 App[18480:4780471] TrustKit log: WARNING: +sendSynchronousRequest:returningResponse:error: was called to connect to ms.applovin.com. This method does not expose a delegate argument for handling authentication challenges; TrustKit cannot enforce SSL pinning for these connections
2021-05-04 15:44:50.963061+0200 App[18480:4780464] TrustKit log: Background upload - task completed successfully: pinning failure report sent
2021-05-04 15:44:51.460675+0200 App[18480:4780524] TrustKit log: Background upload - task completed successfully: pinning failure report sent

But AppLovin isn't in my pinned domains so I don't understand why I've these errors.

kTSKSwizzleNetworkDelegates is on true

Thanks

nabla-c0d3 commented 3 years ago

Hello, since you haven't pinned AppLovin domains, these warnings can be ignored.

anishtr4 commented 3 years ago

@nabla-c0d3 So if we try accessing a domain which certificate is not pinned, instead of blocking the request it will proceed the request with the above warning ?

nabla-c0d3 commented 3 years ago

@anishtr4 If the domain is not pinned, TrustKit does not do anything ie. will not block/touch the request.

anishtr4 commented 3 years ago

@anishtr4 If the domain is not pinned, TrustKit does not do anything ie. will not block/touch the request.

So TSKPinningValidator is basically validate the provided public key is valid or not for the provided domain right ?

nabla-c0d3 commented 3 years ago

@anishtr4 correct

anishtr4 commented 3 years ago

@anishtr4 correct

how do we verify if the pinning works successfully ?

saeedtkh commented 2 years ago

any updates about pinning works successfully?

rahulunni73 commented 2 years ago

how to block request if pin validation failed, trying to implement pin validation in a react native project
enabled these properties inside trustKitConfig kTSKSwizzleNetworkDelegates: @YES, kTSKEnforcePinning : @YES also i added the domain and key hashes respectively in trustKitConfig i want to block the network request if pin validation failed or try to call with a another domain its pin is not include in the trustKitConfig I am not a native iOS developer so kindly help me, thanks in advance