Skip to content

Releases: datatheorem/TrustKit

1.4.0

12 Sep 05:31
Compare
Choose a tag to compare
  • Added support for watchOS 3.0 and tvOS 10.0.
  • New utility method [TrustKit setLoggerBlock:] for overriding and customizing TrustKit's logging functionality.
  • New helper method [TSKPinningValidator handleChallenge:completionHandler:] to make it easy to implement pinning validation in NSURLSession and WKWebView delegates.
  • On iOS 10 devices, public keys are extracted from certificates using the new SecKey APIs, instead of leveraging the device's Keychain. This significantly simplifies and speeds up pinning validation.
  • On macOS, the vendor identifier sent along with reports is now randomly generated, instead of being derived from the computer's MAC address and the App's bundle ID; this removes IOKit as a dependency.
  • Replaced all pre-compiled libraries within the project (domain-registry-provider, OCMock) with the corresponding source code.

1.3.2

21 Jun 21:11
Compare
Choose a tag to compare
  • Fixed validation error when enabling multiple public key algorithms (kTSKAlgorithm) for a single domain.

1.3.1

08 Jun 23:08
Compare
Choose a tag to compare
  • Added two extra fields to the pinning failure reports:
    • "trustkit-version": the version number of the TrustKit library embedded within the App.
    • "enforce-pinning": whether TrustKit was configured to block the connection.
  • Fixed a rare crash triggered when sending a report and due to a SecTrustRef object being unexpectedly released.
  • A TrustKit configuration must now contain two different pins for each domain (including a backup pin).
  • A TrustKit configuration must now specify a value for the kTSKSwizzleNetworkDelegates setting, which controls whether the App's network delegates should be swizzled to automatically add SSL pinning validation. See the Getting Started guide for more information.

1.3.0

25 May 01:24
Compare
Choose a tag to compare
  • Added NSNotifications (posted under the kTSKValidationCompletedNotification name) to allow Apps to be notified when TrustKit performed an SSL pinning validation for a connection. These notifications can be used for performance measurement or to act upon any pinning validation performed by TrustKit (for example to customize the reporting mechanism). More information is available in the documentation.
  • Various improvements to the test suite.

1.2.5

29 Feb 22:00
Compare
Choose a tag to compare
  • Fixed TSKPinningValidator to reject invalid certificate chains when TrustKit is configured to not enforce pinning.
  • Improved performance and reliability by persisting the Subject Public Key Info cache to the filesystem across App restarts. This will reduce TrustKit's reliance on the Keychain to extract SPKIs from certificates, thereby speeding up the pinning validation process and also mitigating random Keychain errors (such as https://github.com/DinosaurDad/Keychain-34018).

1.2.4

09 Feb 01:15
Compare
Choose a tag to compare
  • Fixed linker warnings caused by the pre-compiled domain_registry libraries.

1.2.3

23 Dec 22:27
Compare
Choose a tag to compare
  • Switched from _Nonnull annotations to NS_ASSUME_NONNULL audited regions, in order to make TrustKit compatible with older versions of Xcode (6.3 and 6.4).

1.2.2

20 Dec 10:10
Compare
Choose a tag to compare
  • Pinning failure reports from OS X Apps will now send a vendor identifier (just like on iOS) generated using a hash of the computer's MAC address and the App's bundle ID.
  • To avoid issues with locked devices and Apps running in the background, reports and certificates are now created using a data protection class set to AccessibleAfterFirstUnlock.
  • Added a new error code to detect Keychain failures when trying to extract the public key from a certificate on iOS.
  • Added a new "app-platform" field to pinning failure reports, which can be set to IOS or OSX.

1.2.1

28 Nov 00:44
Compare
Choose a tag to compare
  • Removed an exception that would be thrown when trying to send a pin failure report while the device had no disk space left.
  • Fixed various issues affecting the stability of the project's test suite.

1.2.0

21 Oct 01:32
Compare
Choose a tag to compare
  • Complete re-write of the hooking strategy to automatically add SSL pinning to the App's connections. TrustKit now swizzles NSURLSession and NSURLConnection delegates to add pinning validation to the delegate's authentication handler methods; for developers who want to call into TrustKit manually, this behavior can be disabled using the TSKSwizzleNetworkDelegates setting. This change was made due to the previous hooking strategy (targeting SecureTransport) not working on iOS 9.
  • The pinning policy format has slightly changed, in order to add new global settings: TSKSwizzleNetworkDelegates, TSKIgnorePinningForUserDefinedTrustAnchors, TSKPinnedDomains. If you have an existing pinning policy for TrustKit 1.1.3, all you need to do is put it under the TSKPinnedDomains key.
  • Greatly simplified the TSKPinningValidator API to make it easy to write authentication handlers that enforce the App's SSL pinning policy. Sample code describing how to do it is available in the documentation.
  • Updated Xcode project settings: stricter warnings, enabled bitcode, separate iOS and OS X build schemes.
  • Pinning failure reports now also send the IDFV in order to simplify the troubleshooting of errors, by being able to detect a single, malfunctioning device.