Skip to content

Instantly share code, notes, and snippets.

Avatar

Alamofire Software Foundation AlamofireSoftwareFoundation

View GitHub Profile
View afnetworking-vs-nsurlsession.m
// AFNetworking
[[AFHTTPSessionManager manager] GET:@"http://httpbin.org/ip" parameters:nil success:^(NSURLSessionDataTask *task, id JSON) {
NSLog(@"IP Address: %@", JSON[@"origin"]);
} failure:^(NSURLSessionDataTask *task, NSError *error) {
NSLog(@"Error: %@", error);
}];
// NSURLSession
NSURL *URL = [NSURL URLWithString:@"http://httpbin.org/ip"];
@AlamofireSoftwareFoundation
AlamofireSoftwareFoundation / alamofire-04-27-2015-statement.md
Last active Jan 10, 2020
A response to recent concerns about security vulnerabilities in AFNetworking
View alamofire-04-27-2015-statement.md

Last week, a number of publications ran a story about 1,000's of apps allegedly being vulnerable due to an SSL bug in AFNetworking. These articles contain a number of inaccurate and misleading statements on this matter.

We are publishing this response to clarify and correct these statements.

Background Information

For those not familiar with AFNetworking, here are some relevant details about the library for this story:

  • AFNetworking is an open source, third-party library that provides convenience functionality on top of Apple's built-in frameworks.
  • One component of AFNetworking is AFSecurityPolicy, which handles authentication challenges according to a policy configured by the application. This includes the evaluation of X.509 certificates which servers send back when connecting over HTTPS.