I am trying to make an API call using Network framework in iOS, i am completely ignoring URLSession because of my usecase. I have to do cert pinning for the endpoint and i dont find much documentation for the same
i found the below snippet helpful from apple's developer forum,
sec_protocol_options_set_verify_block(options.securityProtocolOptions, { (sec_protocol_metadata, sec_trust, sec_protocol_verify_complete) in
let trust = sec_trust_copy_ref(sec_trust).takeRetainedValue()
var error: CFError?
if SecTrustEvaluateWithError(trust, &error) {
***I am performing my custom cert pinning implementation here
sec_protocol_verify_complete(true)
} else {
if allowInsecure == true {
sec_protocol_verify_complete(true)
} else {
sec_protocol_verify_complete(false)
}
}
}, queue)
This seems to be the configuration that we set before we make the actual network request, the SecTrust is something that we use to get it in the URLSession delegate whenever a request is made, so at this point i am not able to fetch the server certificate from this sec_protocol_options_set_verify_block.
So does anyone happen to get cert pinning work using Network framework? any help would be greatly appreciated, thanks.
The client certificate is set in the connection options. First, you need to obtain the SecIdentity. The
sec_protocol_options_set_verify_block
is used to check the server certificate (you can also copy the server certificate data for further usage). Then, you should usesec_protocol_options_set_challenge_block
orsec_protocol_options_set_local_identity
to attach your certificate. Here is a rough implementation: