iOS certificate pinning with Swift and NSURLSession

Question

Howto add certificate pinning to a NSURLSession in Swift?

The OWASP website contains only an example for Objective-C and NSURLConnection.

Answer 1

The openssl command in @lifeisfoo's answer will give an error in OS X for certain SSL certificates that use newer ciphers like ECDSA.

If you're getting the following error when you run the openssl command in @lifeisfoo's answer:

    write:errno=54
    unable to load certificate
    1769:error:0906D06C:PEM routines:PEM_read_bio:no start
    line:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL09        
    8-59.60.1/src/crypto/pem/pem_lib.c:648:Expecting: TRUSTED CERTIFICATE

You're website's SSL certificate probably is using an algorithm that isn't supported in OS X's default openssl version (v0.9.X, which does NOT support ECDSA, among others).

Here's the fix:

To get the proper .der file, you'll have to first brew install openssl, and then replace the openssl command from @lifeisfoo's answer with:

/usr/local/Cellar/openssl/1.0.2h_1/bin/openssl [rest of the above command]

Homebrew install command:

/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

hope that helps.