Why is ssl pinning not working on synchronous requests?-CodePudding

I want to do ssl pinning with Alamofire library, but it doesn't work for sync requests.

I am using the following library to sync Alamofire request: https://github.com/Dalodd/Alamofire-Synchronous In async call I get cancaled with code -999 but when I try with sync I get all responses with 200. My code is like this:

    let hostname = "..."
    let cert = "..." // e.g. for cert.der, this should just be "cert"
    let pathToCert = Bundle.main.path(forResource: cert, ofType: "der")
    let localCertificate = NSData(contentsOfFile: pathToCert!)
    let certificates = [SecCertificateCreateWithData(nil,
    localCertificate!)!]
    // Configure the trust policy manager
    let serverTrustPolicy = ServerTrustPolicy.pinCertificates(
    certificates: certificates,
    validateCertificateChain: true,
    validateHost: true
    )
    let serverTrustPolicies = [hostname: serverTrustPolicy]
    let serverTrustPolicyManager = ServerTrustPolicyManager(policies:
    serverTrustPolicies)
    // Configure session manager with trust policy
    let defaultManager = Alamofire.SessionManager(
      configuration: URLSessionConfiguration.default,
      serverTrustPolicyManager: serverTrustPolicyManager
    )
    let manager = defaultManager
    manager.session.configuration.timeoutIntervalForRequest = 120
    let request = getRequest(object, endPoint: endPoint)
    let response = manager.request(request).responseString()

If I don't use semaphore in the code below the request is aborted but if I use it I get 200 responses

    public func response<T: DataResponseSerializerProtocol>(responseSerializer: T) -> 
    DataResponse<T.SerializedObject> {
    
    let semaphore = DispatchSemaphore(value: 0)
    var result: DataResponse<T.SerializedObject>!
    
    self.response(queue: DispatchQueue.global(qos: .default), responseSerializer: responseSerializer) { response in
        
        result = response
        semaphore.signal()
        
    }
    
    _ = semaphore.wait(timeout: DispatchTime.distantFuture)
    
    return result
}

How is this possible?

CodePudding user response：

Using Alamofire synchronously is not supported so any misbehaviors you see when doing this are unlikely to be fixed.

Additionally, that dependency is using Alamofire 4, where 5 is the latest version, so if you really want the behavior I suggest implementing it manually using the latest version.