Replies: 1 comment
-
Sorry, I lost track of this. Unfortunately there's no easy way to check what you want provided by the Security framework Alamofire uses. Self-signed certificates should be disabled by default, and so you should see any error if you use one, but if you add such a certificate to the system's keychain and trust it, there's no way to tell the difference between it and another certificate. You'd need to actually parse out the data from the certificate using the Security framework or another solution, and even then I'm not sure there's an easy way to check for a trusted self-signed cert vs. a root signed cert. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I'd like to make mitm attacks on alamofire requests somewhat more difficult by inspecting the certificate details for each request and rather than pinning individual certs. i'm comfortable with just saying "hey if this certificate's root authority is recognizable, for instance godaddy's, i'll assume it's not self signed". Is that possible?
Beta Was this translation helpful? Give feedback.
All reactions