I'm developing some iOS apps and I'm downloading/uploading data which are very sensitive. I'm using AFNetworking to do that requests and my question is simple: I reach only 3 different certificates in all the app, can I custom AFNetworking's layer to accept only these 3 certificates?
The aim of this manipulation will be to avoid "Man To the Middle" attacks and so avoid injection and/or retrieval of any additional information during the HTTP exchanges.
All AFNetworking operations inherit from AFURLConnectionOperation, which defines a block called
authenticationChallenge. Setting this block on your operations will define how AFNetworking responds to the NSURLConnectionDelegate methodconnection:didReceiveAuthenticationChallenge:. Specifically, you will want to inspectchallenge.proposedCredential.If you don't want to set this block on every operation, you could also subclass the operation type you're using (like AFJSONRequestOperation, for example), and override
connection: willSendRequestForAuthenticationChallenge:with the behavior you want.