Global Configuration Keys

  • A global, App-wide configuration key that can be set in the pinning policy.

    Declaration

    Objective-C

    typedef NSString *TSKGlobalConfigurationKey

    Swift

    typealias TSKGlobalConfigurationKey = NSString
  • A boolean. If set to YES, TrustKit will perform method swizzling on the App’s NSURLConnection and NSURLSession delegates in order to automatically add SSL pinning validation to the App’s connections. This option can only be used if TrustKit is initialized in singleton mode; default value is NO.

    Swizzling allows enabling pinning within an App without having to find and modify each and every instance of NSURLConnection or NSURLSession delegates. However, it should only be enabled for simple Apps, as it may not work properly in several scenarios including:

    • Apps with complex connection delegates, for example to handle client authentication via certificates or basic authentication.
    • Apps where method swizzling of the connection delegates is already performed by another module or library (such as Analytics SDKs).
    • Apps that do not use NSURLSession or NSURLConnection for their connections.

    In such scenarios, or if the developer wants tighter control over the App’s networking behavior, kTSKSwizzleNetworkDelegates should be set to NO; the developer should then manually add pinning validation to the App’s authentication handlers.

    See the TSKPinningValidator class for instructions on how to do so.

    Declaration

    Objective-C

    extern const TSKGlobalConfigurationKey kTSKSwizzleNetworkDelegates

    Swift

    let kTSKSwizzleNetworkDelegates: String
  • A dictionary with domains (such as www.domain.com) as keys and dictionaries as values.

    Each entry should contain domain-specific settings for performing pinning validation when connecting to the domain, including for example the domain’s public key hashes. A list of all domain-specific keys is available in the Domain-specific Keys section.

    Declaration

    Objective-C

    extern const TSKGlobalConfigurationKey kTSKPinnedDomains

    Swift

    let kTSKPinnedDomains: String
  • A boolean. If set to YES, pinning validation will be skipped if the server’s certificate chain terminates at a user-defined trust anchor (such as a root CA that isn’t part of OS X’s default trust store) and no pin failure reports will be sent; default value is YES.

    This is useful for allowing SSL connections through corporate proxies or firewalls. See How does key pinning interact with local proxies and filters? within the Chromium security FAQ at https://www.chromium.org/Home/chromium-security/security-faq for more information.

    Only available on macOS.

    Declaration

    Objective-C

    extern const TSKGlobalConfigurationKey
        kTSKIgnorePinningForUserDefinedTrustAnchors

    Swift

    let kTSKIgnorePinningForUserDefinedTrustAnchors: String
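
The following Swift sketch is an added example, not code from the TrustKit project. It combines the three global keys above into one policy with swizzling disabled and shows the manual validation that kTSKSwizzleNetworkDelegates = NO then requires in the session delegate. Assumptions: the host and pin strings are placeholders to be replaced with real values, the domain-specific keys kTSKPublicKeyHashes and kTSKEnforcePinning come from the Domain-specific Keys section rather than this page, and older TrustKit releases may also require kTSKPublicKeyAlgorithms.

```swift
import Foundation
import TrustKit

// Placeholders (not real values): substitute your own host and the base64
// SHA-256 hashes of its SubjectPublicKeyInfo, including a backup pin.
let pinnedHost = "www.domain.com"
let primaryPin = "<BASE64-SHA256-OF-PRIMARY-SPKI>"
let backupPin = "<BASE64-SHA256-OF-BACKUP-SPKI>"

func configureTrustKit() {
    // Domain-specific settings for one pinned host.
    let domainPolicy: [String: Any] = [
        kTSKPublicKeyHashes: [primaryPin, backupPin],
        kTSKEnforcePinning: true,
    ]
    var config: [String: Any] = [
        // No swizzling: PinnedSessionDelegate below validates explicitly.
        kTSKSwizzleNetworkDelegates: false,
        kTSKPinnedDomains: [pinnedHost: domainPolicy],
    ]
    #if os(macOS)
    // The default (YES) skips pinning when the chain ends at a user-defined
    // trust anchor. Setting it to false enforces the pins there too, so
    // connections through TLS-intercepting corporate proxies will fail.
    config[kTSKIgnorePinningForUserDefinedTrustAnchors] = false
    #endif
    TrustKit.initSharedInstance(withConfiguration: config)
}

final class PinnedSessionDelegate: NSObject, URLSessionDelegate {
    func urlSession(_ session: URLSession,
                    didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition,
                                                  URLCredential?) -> Void) {
        let validator = TrustKit.sharedInstance().pinningValidator
        // handle(...) calls completionHandler itself when it processes the
        // challenge; a false return means TrustKit did not handle it, so the
        // system's default handling is requested instead.
        if !validator.handle(challenge, completionHandler: completionHandler) {
            completionHandler(.performDefaultHandling, nil)
        }
    }
}

// Every session that talks to a pinned host must be created with the delegate.
func makePinnedSession() -> URLSession {
    URLSession(configuration: .ephemeral,
               delegate: PinnedSessionDelegate(),
               delegateQueue: nil)
}
```

With swizzling off, any URLSession created without this delegate performs no pinning validation, so code review should check that every session reaching a pinned domain goes through makePinnedSession() or an equivalent delegate.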