斯威夫特AlamoFire的ssl钉扎

Question

Im a newb here but I have an app that is subject to MITM attacks.

After I bit of research it sounds like I need to do SSL Pining, ie keep a copy of my servers public key/certificate so the can determine if the response came from it.

I have no idea how to do this, I am using AlamoFire in Swift to handle the networking.

Answer 1

Alamofire now implemented the certificate pinning. The documentation you need is in the Readme.md

https://github.com/Alamofire/Alamofire

See their example implementation:

let serverTrustPolicies: [String: ServerTrustPolicy] = [
    "test.example.com": .PinCertificates(
        certificates: ServerTrustPolicy.certificatesInBundle(),
        validateCertificateChain: true,
        validateHost: true
    ),
    "insecure.expired-apis.com": .DisableEvaluation
]

let manager = Manager(
    serverTrustPolicyManager: ServerTrustPolicyManager(policies: serverTrustPolicies)
)

Answer 2

As indicated here : https://github.com/Alamofire/Alamofire/issues/366

It is certainly something that the community is looking to support, but there's not a solid time frame around it yet. I'd say for the time being, you'll want to continue with AFNetworking, and keep a close eye on the Alamofire project for new features coming in.