How to compare SSL certificates using AFNetworking

Question

In my iPhone app I\'m using an https connection with a self-signed SSL certificate to download sensible data (username and password) from a server.

Answer 1

The term you're looking for is SSL Pinning, where the app verifies that a known certificate or public key matches one presented by a remote server.

AFNetworking supports both pinning with certificates or public keys. You'll need to add the certificate(s) or public key(s) to your app's Bundle, and enable the feature by setting either the defaultSSLPinningMode property on AFHttpClient or the SSLPinningMode property on AFURLConnectionOperation.

You can pin using AFSSLPinningModePublicKey or AFSSLPinningModeCertificate. AFSSLPinningModeCertificate means that the server's certificate must exactly match one of those in the bundle.

AFSSLPinningModePublicKey is more liberal and means that the server's certificate must match for any public key in the bundle, or any public key attached to certificates in the bundle.

There's an example of setting the pinning mode in the AppDotNet example.