EMTlsConfiguration Class Reference

Inherits from NSObject
Declared in EMTlsConfiguration.h

Overview

A class representing a TLS configuration.

– init

Constructs an EMTlsConfiguration object whose settings are all NO.

- (instancetype)init

Return Value

New instance of an EMTlsConfiguration.

Discussion

This is the most secure configuration for the communication link.

Declared In

EMTlsConfiguration.h

– initWithTimeout:

Constructs an EMTlsConfiguration object whose settings are all NO, with the ability to set the timeout interval.

- (instancetype)initWithTimeout:(NSTimeInterval)timeout

Parameters

timeout

The timeout of the connection in seconds.

Return Value

New instance of an EMTlsConfiguration.

Availability

3.0

Discussion

This is the most secure configuration for the communication link.

Declared In

EMTlsConfiguration.h

– initWithInsecureConnectionAllowed:selfSignedCertAllowed:hostnameMismatchAllowed:

Constructs an EMTlsConfiguration object whose settings are configured in this constructor.

- (instancetype)initWithInsecureConnectionAllowed:(BOOL)insecureConnectionAllowed selfSignedCertAllowed:(BOOL)selfSignedCertAllowed hostnameMismatchAllowed:(BOOL)hostnameMismatchAllowed

Parameters

insecureConnectionAllowed

If YES, then either an unencrypted (http) or an encrypted (https) connection is allowed. If NO, then only encrypted connections are allowed.

selfSignedCertAllowed

If YES, then a connection will accept a self-signed server certificate. If NO, then a connection whose server certificate is not signed by a certificate authority on the device is rejected.

hostnameMismatchAllowed

If YES, then a connection will accept a server certificate whose common name (CN) does not match the URL’s domain. If NO, then a connection whose server certificate’s CN does not match the URL’s domain is rejected. This setting is ignored if self-signed certificates are allowed.

Return Value

New instance of an EMTlsConfiguration.

Discussion

Warning: It is not recommended to override these settings in a production environment. Allowing any of these configurations will reduce the security of the communication link with the server.

Warning: The insecure permits can only be used in debug builds, for test purposes. Since version 3.0 they are not allowed in release mode.

Declared In

EMTlsConfiguration.h

– initWithInsecureConnectionAllowed:selfSignedCertAllowed:hostnameMismatchAllowed:timeout:

Constructs an EMTlsConfiguration object whose settings are configured in this constructor.

- (instancetype)initWithInsecureConnectionAllowed:(BOOL)insecureConnectionAllowed selfSignedCertAllowed:(BOOL)selfSignedCertAllowed hostnameMismatchAllowed:(BOOL)hostnameMismatchAllowed timeout:(NSTimeInterval)timeout

Parameters

insecureConnectionAllowed

If YES, then either an unencrypted (http) or an encrypted (https) connection is allowed. If NO, then only encrypted connections are allowed.

selfSignedCertAllowed

If YES, then a connection will accept a self-signed server certificate. If NO, then a connection whose server certificate is not signed by a certificate authority on the device is rejected.

hostnameMismatchAllowed

If YES, then a connection will accept a server certificate whose common name (CN) does not match the URL’s domain. If NO, then a connection whose server certificate’s CN does not match the URL’s domain is rejected. This setting is ignored if self-signed certificates are allowed.

timeout

The timeout of the connection in seconds.

Return Value

New instance of an EMTlsConfiguration.

Discussion

Warning: It is not recommended to override these settings in a production environment. Allowing any of these configurations will reduce the security of the communication link with the server.

Warning: The insecure permits can only be used in debug builds, for test purposes. Since version 3.0 they are not allowed in release mode.

Declared In

EMTlsConfiguration.h

– initWithCertificates:insecureConnectionAllowed:selfSignedCertAllowed:hostnameMismatchAllowed:timeout:

Constructs an EMTlsConfiguration object whose settings are configured in this constructor. This API will do the certificate pinning check.

- (instancetype)initWithCertificates:(NSArray *)certificates insecureConnectionAllowed:(BOOL)insecureConnectionAllowed selfSignedCertAllowed:(BOOL)selfSignedCertAllowed hostnameMismatchAllowed:(BOOL)hostnameMismatchAllowed timeout:(NSTimeInterval)timeout

Parameters

certificates

List of certificate data to be checked for pinning.

insecureConnectionAllowed

If YES, then either an unencrypted (http) or an encrypted (https) connection is allowed. If NO, then only encrypted connections are allowed.

selfSignedCertAllowed

If YES, then a connection will accept a self-signed server certificate. If NO, then a connection whose server certificate is not signed by a certificate authority on the device is rejected.

hostnameMismatchAllowed

If YES, then a connection will accept a server certificate whose common name (CN) does not match the URL’s domain. If NO, then a connection whose server certificate’s CN does not match the URL’s domain is rejected. This setting is ignored if self-signed certificates are allowed.

timeout

The timeout of the connection in seconds.

Return Value

New instance of an EMTlsConfiguration.

Availability

4.5

Discussion

Warning: It is not recommended to override these settings in a production environment other than the certificates to pin. Allowing any of these configurations will reduce the security of the communication link with the server.

Warning: The insecure permits can only be used in debug builds, for test purposes. Since version 3.0 they are not allowed in release mode.

Warning: The iOS client only accepts a certificate taken from the content of a file in the following format: X.509 Certificate (DER).

Warning: The iOS client does not support a certificate taken from the content of a file in any of the following formats: (1) X.509 Certificate (PEM), (2) X.509 Certificate with chain (PEM), (3) X.509 Certificate (PKCS#7), and (4) X.509 Certificate with chain (PKCS#7).

Declared In

EMTlsConfiguration.h
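
An added usage example, not part of the SDK's own documentation: it builds a pinned configuration with every insecure permit left NO and rejects pin files that are not DER before they reach the initializer. It assumes the certificates array holds NSData objects; the import path, the EX-prefixed helper names, the bundled resource server-pin.cer and the 30-second timeout are hypothetical.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>
#import "EMTlsConfiguration.h" // header named on this page; import path is an assumption

// Hypothetical helper: returns the bytes of a bundled certificate only if they
// parse as a DER-encoded X.509 certificate. PEM or PKCS#7 content is rejected.
static NSData *EXLoadDERCertificate(NSString *resourceName) {
    NSString *path = [[NSBundle mainBundle] pathForResource:resourceName ofType:@"cer"];
    NSData *data = path ? [NSData dataWithContentsOfFile:path] : nil;
    if (data.length == 0) {
        return nil;
    }
    // SecCertificateCreateWithData returns NULL when the data is not valid DER X.509.
    SecCertificateRef cert = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)data);
    if (cert == NULL) {
        return nil;
    }
    CFRelease(cert);
    return data;
}

// Hypothetical factory: certificate pinning with all insecure permits set to NO.
static EMTlsConfiguration *EXPinnedTlsConfiguration(void) {
    NSData *pin = EXLoadDERCertificate(@"server-pin"); // constructed resource name
    if (pin == nil) {
        // Fail closed: never fall back to an unpinned or relaxed configuration.
        return nil;
    }
    // Assumption: the certificates array carries NSData objects with DER bytes.
    return [[EMTlsConfiguration alloc] initWithCertificates:@[pin]
                                  insecureConnectionAllowed:NO
                                      selfSignedCertAllowed:NO
                                    hostnameMismatchAllowed:NO
                                                    timeout:30.0]; // constructed value, seconds
}
```

Callers should treat a nil result as a configuration error and refuse to open the connection.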

  insecureConnectionAllowed

Whether or not an insecure connection is allowed.

@property (nonatomic, readonly, getter=isInsecureConnectionAllowed) BOOL insecureConnectionAllowed

Return Value

If YES, then either an unencrypted (http) or an encrypted (https) connection is allowed. If NO, then only encrypted connections are allowed.

Declared In

EMTlsConfiguration.h

  selfSignedCertAllowed

Whether or not a self-signed certificate is allowed.

@property (nonatomic, readonly, getter=isSelfSignedCertAllowed) BOOL selfSignedCertAllowed

Return Value

If YES, then a connection will accept a self-signed server certificate. If NO, then a connection whose server certificate is not signed by a certificate authority on the device is rejected.

Declared In

EMTlsConfiguration.h

  hostnameMismatchAllowed

Whether or not to allow a mismatch between the common name (CN) of the server certificate and the domain name of the URL.

@property (nonatomic, readonly, getter=isHostnameMismatchAllowed) BOOL hostnameMismatchAllowed

Return Value

If YES, then a connection will accept a server certificate whose common name (CN) does not match the URL’s domain. If NO, then the connection is rejected. This setting is ignored if self-signed certificates are allowed.

Declared In

EMTlsConfiguration.h

  timeout

Gets the timeout of the connection.

@property (nonatomic, assign, readonly) NSTimeInterval timeout

Return Value

Returns the timeout in seconds.

Declared In

EMTlsConfiguration.h

  certificates

Gets the certificates.

@property (nonatomic, readonly) NSArray *certificates

Return Value

Returns the certificates.

Availability

4.5

Declared In

EMTlsConfiguration.h