Comments (7)
Oh yeah. I was thinking more along the lines of compromising iOS NTP than manually changing the system time 😉 Not a big deal.
from trustkit.
Would this mean that pinning can be disabled by moving the system date up a bit? I'm not entirely sure but it should be noted in the docs.
from trustkit.
Correct, but pinning is not something meant to prevent someone with full access to the phone from being able to decrypt the device's network traffic (although it may, as a side effect, make it harder).
from trustkit.
@nabla-c0d3 @adamkaplan Might this be better if the expiration date results on a "drop matching connections if pins expired" behaviour, rather than allow all valid certs if pins expired?
Or is this going to be more an optional feature (if exp date provided, check the date etc)?
from trustkit.
It will be optional. If an expiration date is set and we're past the date, TrustKit will not perform pinning validation (any valid cert will be accepted).
from trustkit.
Hey @nabla-c0d3 this actually came up in a review discussion today. The use case we’re thinking about are the small minority of users who do not update their app, their OS, or both, sometimes for years. There are many active users who become unsupportable after some time, and ideally their apps don’t just brick when certs roll a year later. Security degradation makes sense in many cases.
Any idea when you’ll have something ready? Or, do you want some help on this one?
from trustkit.
Yes, that's exactly the use case for an expiration date. I have started looking into this and it should be a quick change - probably a couple weeks at most. Also, if you'd like to use our dashboard for the SSL failure reports, feel free to email me (email is on my GH profile).
from trustkit.
Related Issues (20)
- I am getting issue domain is not pinned HOT 2
- Support for iOS 12 & 13 needed HOT 2
- Trustkit not building on Xcode 14.3 HOT 2
- Build warning bitcode is enabled.
- build error on ios libTrustKit_Static.a HOT 3
- Random crash - TrustKit was not initialized
- Crash at ssl_pin_verifier.m - Line 43 HOT 4
- Crash at getCertificateAtIndex HOT 4
- Error when try build for Mac Catalyst
- Crash when app is restarted
- Crash in TrustKit initWithConfiguration:sharedContainerIdentifier:isSingleton:
- IOS17 support Trust Kit Crash (iphone15 physical) HOT 2
- TrustKit initialisation fully blocks the main thread in NotificationServiceExtension if its attempted before first unlock.
- TrustKitDynamic is not building HOT 1
- _SecTrustCopyCertificateChain getting EXC_BAD_ACCESS HOT 3
- VisionOS support
- Apple's update to their API policy - Required Reason in Privacy manifest HOT 4
- TrustKit crash only in production environment HOT 1
- [Bug] No longer working HOT 1
- If switch the calendar on your phone to the Japanese calendar, it may cause a date format error.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from trustkit.