SSL Pinning
rmirabelli opened this issue · 4 comments
Standardized methods for SSL pinning would be welcome.
I'm going to take a look at implementing certificate pinning into Hyperspace. Are there any requirements we'd like to put around this initial implementation? Do we want to build ourselves, or just wrap TrustKit?
So far I've come up with:
- Configurable per build configuration / environment
- Probably built into the
NetworkServiceitself as it has the most direct interaction with aURLSession
As long as we have appropriate test coverage, I'm fine with building this ourselves. TrustKit relies on swizzling, which I'm not a huge fan of, but it did work well when I needed to use it. I would say the main features I'd want would be the ability to pin the public key hash as well as the certificate itself (TrustKit supports this).
OK, I'll post a PR once I have something workable to gather some feedback as it gets worked on. Because we want to avoid swizzling we'll most likely have to leave the URLSessionDelegate integration to the client application (but I don't think that's a huge problem).