Skip to content

1.1.0

Compare
Choose a tag to compare
@nabla-c0d3 nabla-c0d3 released this 11 Jul 00:18
· 785 commits to master since this release
  • New TSKIgnorePinningForUserDefinedTrustAnchors configuration setting to skip pinning validation if the server's certificate chain terminates at a user-defined trust anchor. This is useful for allowing SSL connections through corporate proxies or firewalls. Only available on OS X.
  • The pinning policy can now be configured through the App's Info.plist even on iOS 7 and OS X 10.9.
  • Pin failure reports now also contain the result for the server's certificate chain evaluation in the validation-result field, in order to help troubleshoot pin validation failures.
  • A pinning policy is now required to provide two SSL pins minimum per domain, as specified in RFC 7469.
  • Renamed TSKPinVerifier to TSKPinningValidator. Also, the class will now send reports when pin validation failures occur.
  • If kTSKEnforcePinning is set to NO, no SSL connections will be blocked at all. In previous versions, SSL connections where the evaluation of the certificate chain failed (ie. "standard" certificate validation) would be blocked regardless of kTSKEnforcePinning.
  • Uploads of pin failure reports are now rate-limited to one per day, per domain and per type of failure. This will significantly reduce the amount of identical reports that get sent.