I'm trying to implement certificate pinning using Alamofire.
I have added mydomain to "Exception Domains" in .plist file and set keys:
NSExceptionAllowsInsecureHTTPLoads: true
NSIncludesSubdomains: true
NSExceptionRequiresForwardSecrecy: false
Then, I create SessionManager this way:
let serverTrustPolicies: [String: ServerTrustPolicy] = [
"mydomain": .pinCertificates(certificates: [],
validateCertificateChain: true,
validateHost: true)
]
let configuration = URLSessionConfiguration.default
sessionManager = SessionManager(configuration: configuration,
serverTrustPolicyManager: ServerTrustPolicyManager(policies: serverTrustPolicies))
When I run my app, all requests succeed, but the expected result is Alamofire rejecting them. I've set breakpoints to all "didReceiveChallenge" methods and they're not even executed.
When I change the configuration to
let configuration = URLSessionConfiguration.background(withIdentifier: "background")
Then cert pinning works as expected (rejecting all requests)
Anyone has an idea why it happens and how to fix it using default configuration?
Note: When I pass my .der file to certificates in .pinCertificates policy, background configuration also works as expected
