Starscream: SSL pinning documentation is not done

Created on 1 Oct 2020  ·  9Comments  ·  Source: daltoniam/Starscream

Hi guys,

Could you add the documentation related to SSL Pinning, please? I'm trying to implement it on my project and it's really hard to figure out how I should do it without a proper documentation.

Thanks so much.

Most helpful comment

+1 - Just ran into this today myself.

All 9 comments

+1 - Just ran into this today myself.

+1-今天我自己遇到了这个问题。

+1 @daltoniam any way you can address this please? Pinning was pretty straightforward in 3.x, having trouble figuring out how to do it in 4.x

@daltoniam could you take a look at this issue, please? Thanks so much.

Bump...

+1 - I would like to upgrade to 4.0 from 3.x, but I did not found a way to add my client certificate. (In 3.x, I just had to set WebSocket.sslClientCertificate). Thanks in advance

i am unsure this will work out for you since i wasn't able to make it work fully but the error we receive is related to setting ssl context.

sharing this just in case this might just help you to move forward a bit.

public class CustomCertificatePinner {
    private var trustAnchors: [SecCertificate]?
    private var defaultPinner: FoundationSecurity

    init(trustAnchors: [SecCertificate]? = nil, allowSelfSigned: Bool = false) {
        self.trustAnchors = trustAnchors
        defaultPinner = FoundationSecurity(allowSelfSigned: allowSelfSigned)
    }

    private func injectTrustAnchors(trust: SecTrust) {
        //  If there are anchors provided, add them to the trust then re-enable
        //  the system trusted certificates as well.
        if let anchors = trustAnchors {
            SecTrustSetAnchorCertificates(trust, anchors as CFArray)
            SecTrustSetAnchorCertificatesOnly(trust, false)
        }
    }

}

extension CustomCertificatePinner: CertificatePinning {
    public func evaluateTrust(trust: SecTrust, domain: String?, completion: ((PinningState) -> ())) {
        //  Inject any trust anchors, then pass through to the FoundationSecurity
        //  implementation to do the validateion. Do NOT do domain validation.
        injectTrustAnchors(trust: trust)
        defaultPinner.evaluateTrust(trust: trust, domain: nil) { pinningState in
            completion(pinningState)
        }
    }
}

then when creating the websocket session:

        var anchors: [SecCertificate]? = nil
        if let root = getSecRoot() {
            anchors = [root]
        }

        let customCertPinner = CustomCertificatePinner(trustAnchors: anchors)
        let socket = WebSocket(request: req, certPinner: customCertPinner)

Does someone implement ssl pinning with starscream ? I need to add ssl pinning on my implementation and a how to or example code will be really useful.

Basically is this library still alive ?

Was this page helpful?
0 / 5 - 0 ratings

Related issues

xjimi picture xjimi  ·  4Comments

dessmith picture dessmith  ·  5Comments

gmosx picture gmosx  ·  4Comments

LondonAtlas picture LondonAtlas  ·  3Comments

adrian-niculescu picture adrian-niculescu  ·  4Comments