Implementation of the intermediate certificate pinning feature. Added…#209
Implementation of the intermediate certificate pinning feature. Added…#209BobbyWeber merged 1 commit intodevelopfrom
Conversation
… a new enum to take the mode of SSL pinning. Modified the logic of evaluating security configuration to include the SSL pinning mode.
| @interface MASSecurityConfiguration : MASObject | ||
|
|
||
|
|
||
| /** |
There was a problem hiding this comment.
What if the Customer wants to enable both intermediate and leaf cert pinning.
I think we need to ponder about clubbing them together with an 'OR' clause.
There was a problem hiding this comment.
then thats a subset if you want leaf you any way get the intermediate also today....so then only pinning on intermediate has no value
There was a problem hiding this comment.
What I meant it should be product management decision ?
ysd24
left a comment
ysd24
left a comment
There was a problem hiding this comment.
What if the Customer wants to enable both intermediate and leaf cert pinning.
I think we need to ponder about clubbing them together with an 'OR' clause.
Also we need to ponder about whether this decision should be coming from server in msso_config.json ?
But otherwise looks good to me.
I learned from James that msso should not be modified for this feature as pinning is not only related to MAG/OTK but also any other public server. I will forward his email on this. |
4 participants
… a new enum to take the mode of SSL pinning.
Modified the logic of evaluating security configuration to include the SSL pinning mode.