I am doing SSL pinning using AFNetworking. I got it working with the following code.

```objc
AFHTTPRequestOperationManager *manager = [AFHTTPRequestOperationManager manager];
manager.securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModePublicKey];
[manager.securityPolicy setPinnedCertificates:myCertificate];
```

My question is, is there a way to set public keys, instead of certificates, in `AFSecurityPolicy`? Our certificates change once in a while, and I don't want to pass that in. There is no `setPublicKeys` method in `AFSecurityPolicy.h`. The `AFSecurityPolicy.m` has a property `pinnedPublicKeys` but it can't be set because it's not in the header file.

Thanks in advance.

The keys are extracted from the certificates either automatically with `.cer` files in your bundle, or when you set the `pinnedCertificates` property manually. Newer certs will work even if the old ones have expired, as long as the public key is unchanged.

See the implementation of `setPinnedCertificates:` (and also the `AFPublicKeyForCertificate` function). I recommend setting a breakpoint and stepping through it at app launch if you're not clear how it works.
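
The answer's point that a renewed certificate keeps working under public-key pinning while the key is unchanged can be checked with openssl before a rotation; this is an added example, not part of the original answer or of AFNetworking. The key pairs, certificates and the name `pin.example.test` are constructed, the function names are hypothetical, and the SHA-256 digest is only a compact way to compare keys here, not how AFNetworking compares them.

```shell
#!/bin/sh
# Added example. All keys and certificates below are constructed throwaway
# samples; function names are hypothetical.

# Print the SHA-256 (hex) of the public key (SubjectPublicKeyInfo, DER)
# carried by the PEM certificate in $1. Fails if $1 is not a certificate.
spki_sha256() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$pub" | openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# Succeed only when both certificates parse and carry the same public key.
same_public_key() {
    a=$(spki_sha256 "$1") || return 2
    b=$(spki_sha256 "$2") || return 2
    [ "$a" = "$b" ]
}

# Self-signed certificate for key $1, valid $2 days, written to $3.
issue_cert() {
    openssl req -x509 -new -key "$1" -subj "/CN=pin.example.test" \
        -days "$2" -out "$3" 2>/dev/null
}

# Constructed sample input in directory $1: old.pem and renewed.pem share one
# key pair; rekeyed.pem is issued for a fresh key pair.
make_sample_certs() {
    openssl ecparam -name prime256v1 -genkey -noout -out "$1/key1.pem" &&
    openssl ecparam -name prime256v1 -genkey -noout -out "$1/key2.pem" &&
    issue_cert "$1/key1.pem" 30 "$1/old.pem" &&
    issue_cert "$1/key1.pem" 365 "$1/renewed.pem" &&
    issue_cert "$1/key2.pem" 365 "$1/rekeyed.pem"
}

tmp=$(mktemp -d) && make_sample_certs "$tmp" || exit 1
for candidate in renewed rekeyed; do
    if same_public_key "$tmp/old.pem" "$tmp/$candidate.pem"; then
        echo "$candidate.pem: same public key as old.pem, pin still matches"
    else
        echo "$candidate.pem: public key differs from old.pem, pin will not match"
    fi
done
rm -rf "$tmp"
```

Running `same_public_key` against the certificate bundled in the app and the one about to be deployed shows whether an app update is needed before the server certificate is replaced.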