Implementing Pinning Validation

  • A TSKPinningValidator instance can be used to verify a server’s identity against an SSL pinning policy.

    In specific scenarios, TrustKit cannot intercept outgoing SSL connections and automatically validate the server’s identity against the pinning policy:

    • All connections within an App that disables TrustKit’s network delegate swizzling by setting the kTSKSwizzleNetworkDelegates configuration key to NO.
    • Connections that do not rely on the NSURLConnection or NSURLSession APIs:
      • WKWebView connections.
      • Connections leveraging low-level network APIs (such as NSStream).
      • Connections initiated using a third-party SSL library such as OpenSSL.

    For these connections, pin validation must be manually triggered using one of the two available methods within TSKPinningValidator.

    See more

    Declaration

    Objective-C

    @interface TSKPinningValidator : NSObject

    Swift

    class TSKPinningValidator : NSObject
  • Possible return values when verifying a server’s identity against an SSL pinning policy.

    See more

    Declaration

    Objective-C

    enum TSKTrustDecision {}

    Swift

    enum TSKTrustDecision : Int