ServerTrustPolicy

public enum ServerTrustPolicy

The ServerTrustPolicy evaluates the server trust generally provided by an NSURLAuthenticationChallenge when connecting to a server over a secure HTTPS connection. The policy configuration then evaluates the server trust with a given set of criteria to determine whether the server trust is valid and the connection should be made.

Using pinned certificates or public keys for evaluation helps prevent man-in-the-middle (MITM) attacks and other vulnerabilities. Applications dealing with sensitive customer data or financial information are strongly encouraged to route all communication over an HTTPS connection with pinning enabled.

  • performDefaultEvaluation: Uses the default server trust evaluation while allowing you to control whether to validate the host provided by the challenge. Applications are encouraged to always validate the host in production environments to guarantee the validity of the server’s certificate chain.

  • pinCertificates: Uses the pinned certificates to validate the server trust. The server trust is considered valid if one of the pinned certificates match one of the server certificates. By validating both the certificate chain and host, certificate pinning provides a very secure form of server trust validation mitigating most, if not all, MITM attacks. Applications are encouraged to always validate the host and require a valid certificate chain in production environments.

  • pinPublicKeys: Uses the pinned public keys to validate the server trust. The server trust is considered valid if one of the pinned public keys match one of the server certificate public keys. By validating both the certificate chain and host, public key pinning provides a very secure form of server trust validation mitigating most, if not all, MITM attacks. Applications are encouraged to always validate the host and require a valid certificate chain in production environments.

  • disableEvaluation: Disables all evaluation which in turn will always consider any server trust as valid.

  • customEvaluation: Uses the associated closure to evaluate the validity of the server trust.

Bundle Location

  • Returns all certificates within the given bundle with a .cer file extension.

    Declaration

    Swift

    public static func certificates(in bundle: Bundle = Bundle.main) -> [SecCertificate]
    Show on GitHub

  • Returns all public keys within the given bundle with a .cer file extension.

    Declaration

    Swift

    public static func publicKeys(in bundle: Bundle = Bundle.main) -> [SecKey]
    Show on GitHub

Evaluation

  • Evaluates whether the server trust is valid for the given host.

    Declaration

    Swift

    public func evaluate(_ serverTrust: SecTrust, forHost host: String) -> Bool
    Show on GitHub