Closed bart-kneepkens closed 2 years ago
Did you find any solution?
No, I'm also not sure why the issue got closed. I decided to not use TrustKit and rolled my own pin verification.
My app uses dynamic SSL pinning with v2 public key. Do you know of any documentation/article about these settings other than TrustKit?
I am not able to disclose the sources I used because they are not open. But in general it was the same process as described in this StackOverflow answer: https://stackoverflow.com/questions/75804005/extracting-ssl-certificate-or-expiry-date-from-publickey-in-swift-ios/75804573#75804573
Is there a way to force TrustKit to relax the 'minimum of 2 key hashes' requirement?
I'm aware that, in the case of static key pinning, it's a bad idea to pin only to a single key. But in case a project uses dynamic pinning and the configuration can be updated on-the-fly and securely, a backup pin is not needed.
For now one can set kTSKEnforcePinning to false, but this means that secrets may be transferred over 'unpinned' connections.
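For readers who take the "roll your own verification" route mentioned in this thread, here is an added sketch of a URLSession delegate that enforces an updatable pin set and accepts a single pin. It is not TrustKit code and not code from anyone in this thread. The names `DynamicPinDelegate` and `replacePins` are hypothetical, it assumes iOS 15 or later, and it handles only RSA-2048 and P-256 keys.

```swift
import CryptoKit
import Foundation
import Security
// Added example, not TrustKit code. Needs iOS 15+ for SecTrustCopyCertificateChain.
final class DynamicPinDelegate: NSObject, URLSessionDelegate {
    // ASN.1 SubjectPublicKeyInfo prefixes; SecKeyCopyExternalRepresentation omits them.
    private static let rsa2048Header: [UInt8] = [
        0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
        0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00]
    private static let p256Header: [UInt8] = [
        0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01,
        0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00]
    private let lock = NSLock()
    private var pins: Set<String>   // base64(SHA-256(SPKI)); a single entry is accepted
    init(pins: Set<String>) { self.pins = pins }

    // Call only after a new pin set was fetched and authenticated (hypothetical update path).
    func replacePins(_ newPins: Set<String>) {
        lock.lock(); defer { lock.unlock() }
        if !newPins.isEmpty { pins = newPins }   // an empty update never clears the pins
    }

    // Returns the SPKI pin of a certificate, or nil for key types not handled here.
    static func spkiPin(for cert: SecCertificate) -> String? {
        guard let key = SecCertificateCopyKey(cert),
              let raw = SecKeyCopyExternalRepresentation(key, nil) as Data?,
              let attrs = SecKeyCopyAttributes(key) as? [CFString: Any],
              let type = attrs[kSecAttrKeyType] as? String,
              let bits = attrs[kSecAttrKeySizeInBits] as? Int else { return nil }
        let header: [UInt8]
        if type == (kSecAttrKeyTypeRSA as String), bits == 2048 { header = rsa2048Header }
        else if type == (kSecAttrKeyTypeECSECPrimeRandom as String), bits == 256 { header = p256Header }
        else { return nil }
        return Data(SHA256.hash(data: Data(header) + raw)).base64EncodedString()
    }

    func urlSession(_ session: URLSession, didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
        lock.lock(); let current = pins; lock.unlock()
        // Standard chain validation runs first; the pin match is an extra constraint.
        guard challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust,
              let trust = challenge.protectionSpace.serverTrust,
              SecTrustEvaluateWithError(trust, nil),
              let chain = SecTrustCopyCertificateChain(trust) as? [SecCertificate],
              chain.contains(where: { cert in
                  DynamicPinDelegate.spkiPin(for: cert).map { current.contains($0) } ?? false })
        else { return completionHandler(.cancelAuthenticationChallenge, nil) }
        completionHandler(.useCredential, URLCredential(trust: trust))
    }
}
```

The delegate fails closed: an unhandled key type, an empty initial pin set, or a mismatch all cancel the connection, so the channel that delivers new pins must not itself depend on a pin that can go stale.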