datatheorem / TrustKit

Easy SSL pinning validation and reporting for iOS, macOS, tvOS and watchOS.
MIT License

How to initialize TrustKit without a backup pin? #260

Closed bart-kneepkens closed 2 years ago

bart-kneepkens commented 3 years ago

Is there a way to force TrustKit to relax the 'minimum of 2 key hashes' requirement?

I'm aware that, in the case of static key pinning, it's a bad idea to pin only to a single key. But in case a project uses dynamic pinning and the configuration can be updated on-the-fly and securely, a backup pin is not needed.

For now, one can set kTSKEnforcePinning to false, but this means that secrets may be transferred over 'unpinned' connections.

osmantufekci commented 12 months ago

Did you find any solution?

bart-kneepkens commented 12 months ago

> Did you find any solution?

No, I'm also not sure why the issue got closed. I decided to not use TrustKit and rolled my own pin verification.

osmantufekci commented 12 months ago

My app uses dynamic SSL pinning with a v2 public key. Do you know of any documentation/article about these settings other than TrustKit?

bart-kneepkens commented 12 months ago

> My app uses dynamic SSL pinning with a v2 public key. Do you know of any documentation/article about these settings other than TrustKit?

I am not able to disclose the sources I used because they are not open. But in general it was the same process as described in this StackOverflow answer: https://stackoverflow.com/questions/75804005/extracting-ssl-certificate-or-expiry-date-from-publickey-in-swift-ios/75804573#75804573
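The kind of hand-rolled SPKI pin check the last comment alludes to, as an added example that is not the commenter's code nor TrustKit's: a `URLSessionDelegate` that accepts a single pin per host from a runtime-updatable store and fails closed when no pin is known. The `pinsByHost` store and the RSA-2048 / EC P-256 key-type coverage are assumptions; the pin format (base64 of SHA-256 over the DER SubjectPublicKeyInfo) is the one TrustKit uses.

```swift
import Foundation
import CryptoKit
import Security

/// Added example (not TrustKit code). The app is assumed to refresh `pinsByHost`
/// over a channel that is itself pinned or otherwise authenticated.
final class PinningDelegate: NSObject, URLSessionDelegate {
    // Hypothetical store: host -> set of base64(SHA-256(SPKI)) pins, updated at runtime.
    var pinsByHost: [String: Set<String>]
    init(pinsByHost: [String: Set<String>]) { self.pinsByHost = pinsByHost }

    // SecKeyCopyExternalRepresentation returns only the raw key (PKCS#1 for RSA,
    // X9.63 for EC), so the DER SubjectPublicKeyInfo header is prepended to get the
    // same digest TrustKit / HPKP compute. Only two common key types are covered here.
    private static let rsa2048Prefix: [UInt8] = [0x30,0x82,0x01,0x22,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0f,0x00]
    private static let ecP256Prefix: [UInt8] = [0x30,0x59,0x30,0x13,0x06,0x07,0x2a,0x86,0x48,0xce,0x3d,0x02,0x01,0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,0x03,0x01,0x07,0x03,0x42,0x00]

    static func spkiPin(for key: SecKey) -> String? {
        guard let attrs = SecKeyCopyAttributes(key) as? [CFString: Any],
              let type = attrs[kSecAttrKeyType] as? String,
              let bits = attrs[kSecAttrKeySizeInBits] as? Int,
              let raw = SecKeyCopyExternalRepresentation(key, nil) as Data? else { return nil }
        let prefix: [UInt8]
        switch (type, bits) {
        case (String(kSecAttrKeyTypeRSA), 2048): prefix = rsa2048Prefix
        case (String(kSecAttrKeyTypeECSECPrimeRandom), 256): prefix = ecP256Prefix
        default: return nil   // unsupported key type: treated as "no match"
        }
        return Data(SHA256.hash(data: Data(prefix) + raw)).base64EncodedString()
    }

    func urlSession(_ session: URLSession, didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
        // Standard chain validation first; pins are only meaningful inside a validated chain.
        // Unknown host or empty pin set -> reject, rather than silently going unpinned.
        guard challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust,
              let trust = challenge.protectionSpace.serverTrust,
              let pins = pinsByHost[challenge.protectionSpace.host], !pins.isEmpty,
              SecTrustEvaluateWithError(trust, nil) else {
            completionHandler(.cancelAuthenticationChallenge, nil)  // fail closed
            return
        }
        // Any certificate in the validated chain whose SPKI pin matches is sufficient.
        let chain = SecTrustCopyCertificateChain(trust) as? [SecCertificate] ?? []
        for cert in chain {
            if let key = SecCertificateCopyKey(cert), let pin = Self.spkiPin(for: key), pins.contains(pin) {
                completionHandler(.useCredential, URLCredential(trust: trust))
                return
            }
        }
        completionHandler(.cancelAuthenticationChallenge, nil)
    }
}
```

Because a single pin leaves no fallback, a failed or delayed pin refresh makes the host unreachable; the store update path therefore needs the same care as the pin check itself.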