From f14d054db7e3e3b87b5c7a0bbd40611b22f43811 Mon Sep 17 00:00:00 2001 From: Maximillian Dornseif Date: Thu, 3 Oct 2013 09:57:58 +0200 Subject: [PATCH] Give a human readable Warning when SSL Pinning fails. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Encryption, SSL and Certificates are hard to gasp. And generally errors like "The operation couldn’t be completed. (NSURLErrorDomain error -1012.)" are hard to make sense of. I subscribe to the theory that if you enable SSL Pinning and it fails, something went horribly wrong a) you misconfigured the thing, a certificate expired or some other developer screw up. b) your application is unter attack. Both secenarios warrant a clear and obvious message in the log files. This breaks with the "no logging" approach in AFURLConnectionOperation and maybe an `NSAssert` would be better but if SSP pinning fails something fishy is going on and we should leave some obvious evidence about this. --- AFNetworking/AFURLConnectionOperation.m | 2 ++ 1 file changed, 2 insertions(+) diff --git a/AFNetworking/AFURLConnectionOperation.m b/AFNetworking/AFURLConnectionOperation.m index 595ea86..46a2d7b 100644 --- a/AFNetworking/AFURLConnectionOperation.m +++ b/AFNetworking/AFURLConnectionOperation.m @@ -634,6 +634,7 @@ willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challe } } + NSLog(@"Error: Unknown Public Key during Pinning operation"); [[challenge sender] cancelAuthenticationChallenge:challenge]; break; } @@ -646,6 +647,7 @@ willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challe } } + NSLog(@"Error: Unknown Certificate during Pinning operation"); [[challenge sender] cancelAuthenticationChallenge:challenge]; break; }