Post marked as solved
Post marked as solved with 5 replies, 1,801 views
In case, hostname/domain of server is unspecified. I want to use SSL pinning to trust root certificate without hostname/domain.I tried the with below code:extension SecTrust {
func evaluate() -> Bool {
var trustResult: SecTrustResultType = .invalid
let err = SecTrustEvaluate(self, &trustResult)
guard err == errSecSuccess else { return false }
var allow = [.proceed, .unspecified].contains(trustResult)
if !allow {
guard let arr = SecTrustCopyProperties(self) as? [NSDictionary] else {
return false
}
print(String(describing: arr))
// only ignore in case hostname mismatch.
if arr.count == 1 {
if let errMsg = arr[0]["value"] as? String, errMsg.elementsEqual("Hostname mismatch.") {
SecTrustSetExceptions(self, SecTrustCopyExceptions(self))
SecTrustEvaluate(self, &trustResult)
allow = [.proceed, .unspecified].contains(trustResult)
}
}
}
return allow
}
func evaluateAllowing(rootCertificates: [SecCertificate]) -> Bool {
// Apply our custom root to the trust object.
var err = SecTrustSetAnchorCertificates(self, rootCertificates as CFArray)
guard err == errSecSuccess else {
return false
}
// Re-enable the system's built-in root certificates.
err = SecTrustSetAnchorCertificatesOnly(self, false)
guard err == errSecSuccess else { return false }
// Run a trust evaluation and only allow the connection if it succeeds.
return self.evaluate()
}
}
extension Bundle {
func certificate(named name: String, type: String = "der") -> SecCertificate? {
let cerPath = self.path(forResource: name, ofType: type)!
let cerData = NSData(contentsOfFile: cerPath)
let cer = SecCertificateCreateWithData(nil, cerData!)
return cer ?? nil
}
}My code is correct or not?