Skip to content

Instantly share code, notes, and snippets.

View AlamofireSoftwareFoundation's full-sized avatar

Alamofire Software Foundation AlamofireSoftwareFoundation

View GitHub Profile
// AFNetworking
[[AFHTTPSessionManager manager] GET:@"" parameters:nil success:^(NSURLSessionDataTask *task, id JSON) {
NSLog(@"IP Address: %@", JSON[@"origin"]);
} failure:^(NSURLSessionDataTask *task, NSError *error) {
NSLog(@"Error: %@", error);
// NSURLSession
NSURL *URL = [NSURL URLWithString:@""];
AlamofireSoftwareFoundation /
Last active January 10, 2020 06:25
A response to recent concerns about security vulnerabilities in AFNetworking

Last week, a number of publications ran a story about 1,000's of apps allegedly being vulnerable due to an SSL bug in AFNetworking. These articles contain a number of inaccurate and misleading statements on this matter.

We are publishing this response to clarify and correct these statements.

Background Information

For those not familiar with AFNetworking, here are some relevant details about the library for this story:

  • AFNetworking is an open source, third-party library that provides convenience functionality on top of Apple's built-in frameworks.
  • One component of AFNetworking is AFSecurityPolicy, which handles authentication challenges according to a policy configured by the application. This includes the evaluation of X.509 certificates which servers send back when connecting over HTTPS.