ServerTrustEvaluating

public protocol ServerTrustEvaluating : Sendable

A protocol describing the API used to evaluate server trusts.

  • Evaluates the given SecTrust value for the given host.

    Declaration

    Swift

    func evaluate(_ trust: SecTrust, forHost host: String) throws

    Parameters

    trust

    The SecTrust value to evaluate.

    host

    The host for which to evaluate the SecTrust value.

    Return Value

    None; the declaration above has no return type. The method throws an error when the evaluator does not consider the SecTrust value valid for host.

Available where Self == RevocationTrustEvaluator

Available where Self == PinnedCertificatesTrustEvaluator

  • pinnedCertificates Extension method

    Provides a default PinnedCertificatesTrustEvaluator instance.

    Declaration

    Swift

    public static var pinnedCertificates: PinnedCertificatesTrustEvaluator { get }

  • Creates a PinnedCertificatesTrustEvaluator using the provided parameters.

    Declaration

    Swift

    public static func pinnedCertificates(certificates: [SecCertificate] = Bundle.main.af.certificates,
                                          acceptSelfSignedCertificates: Bool = false,
                                          performDefaultValidation: Bool = true,
                                          validateHost: Bool = true) -> PinnedCertificatesTrustEvaluator

    Parameters

    certificates

    The certificates to use to evaluate the trust. All cer, crt, and der certificates in Bundle.main by default.

    acceptSelfSignedCertificates

    Adds the provided certificates as anchors for the trust evaluation, allowing self-signed certificates to pass. false by default. THIS SETTING SHOULD BE FALSE IN PRODUCTION!

    performDefaultValidation

    Determines whether default validation should be performed in addition to evaluating the pinned certificates. true by default.

    validateHost

    Determines whether or not the evaluator should validate the host, in addition to performing the default evaluation, even if performDefaultValidation is false. true by default.

Available where Self == PublicKeysTrustEvaluator

  • publicKeys Extension method

    Provides a default PublicKeysTrustEvaluator instance.

    Declaration

    Swift

    public static var publicKeys: PublicKeysTrustEvaluator { get }

  • Creates a PublicKeysTrustEvaluator from the provided parameters.

    Note

    Default and host validation will fail when using this evaluator with self-signed certificates. Use PinnedCertificatesTrustEvaluator if you need to use self-signed certificates.

    Declaration

    Swift

    public static func publicKeys(keys: [SecKey] = Bundle.main.af.publicKeys,
                                  performDefaultValidation: Bool = true,
                                  validateHost: Bool = true) -> PublicKeysTrustEvaluator

    Parameters

    keys

    The SecKeys to use to validate public keys. Defaults to the public keys of all certificates included in the main bundle.

    performDefaultValidation

    Determines whether default validation should be performed in addition to evaluating the pinned public keys. true by default.

    validateHost

    Determines whether or not the evaluator should validate the host, in addition to performing the default evaluation, even if performDefaultValidation is false. true by default.
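The following is an added example, not part of the Alamofire documentation. It shows the pinnedCertificates and publicKeys factory methods above wired into a Session, each wrapped in a custom ServerTrustEvaluating conformance that reports a rejection before rethrowing it. The type AuditingTrustEvaluator, the function makePinnedSession and the host names are hypothetical, and it assumes the server certificates are bundled in Bundle.main.

```swift
import Alamofire
import Foundation
import Security

// Hypothetical wrapper (added example): forwards to another evaluator and
// reports any rejection so that pinning failures show up in telemetry.
struct AuditingTrustEvaluator: ServerTrustEvaluating {
    let wrapped: any ServerTrustEvaluating
    let report: @Sendable (_ host: String, _ error: any Error) -> Void

    func evaluate(_ trust: SecTrust, forHost host: String) throws {
        do {
            try wrapped.evaluate(trust, forHost: host)
        } catch {
            report(host, error) // record the rejection
            throw error         // rethrow so the connection still fails
        }
    }
}

func makePinnedSession() -> Session {
    // Certificate pinning with the documented defaults spelled out.
    // acceptSelfSignedCertificates stays false outside of local testing.
    let pinnedCerts: PinnedCertificatesTrustEvaluator = .pinnedCertificates(
        acceptSelfSignedCertificates: false,
        performDefaultValidation: true,
        validateHost: true)

    // Public-key pinning; keys default to those of the bundled certificates.
    let pinnedKeys: PublicKeysTrustEvaluator = .publicKeys()

    let report: @Sendable (String, any Error) -> Void = { host, error in
        NSLog("TLS trust evaluation failed for %@: %@", host, String(describing: error))
    }

    // Hypothetical hosts; each host maps to exactly one evaluator.
    let evaluators: [String: any ServerTrustEvaluating] = [
        "api.example.com": AuditingTrustEvaluator(wrapped: pinnedCerts, report: report),
        "auth.example.com": AuditingTrustEvaluator(wrapped: pinnedKeys, report: report),
    ]

    // allHostsMustBeEvaluated: true makes requests to unlisted hosts fail
    // instead of silently falling back to unpinned evaluation.
    let manager = ServerTrustManager(allHostsMustBeEvaluated: true,
                                     evaluators: evaluators)
    return Session(serverTrustManager: manager)
}
```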

Available where Self == CompositeTrustEvaluator