Certificate Pinning

[kingmatusevich]

The SDKs should be compatible with pinned certificates for connecting to the Parse Servers, allowing for faster, safer deployment, particularly in small or internal deployments.

[davidtavarez]

@montymxb @kingmatusevich is this issue closed?

[montymxb]

@davidtavarez Nope, it is still open and still something we are happy to implement in the future; but no work has started on this yet.

[dplewis]

Doesn't ParseClient::setCAFile already kinda does this? I can add a valid test for this.

What other types of SSL/TLS check would be needed? (That would support both cURL and stream_context).

[dplewis]

This can be achieved by creating your own HTTP client and pass in your SSL/TLS options

ParseClient::setHttpClient(new CustomHTTPClient());

https://github.com/parse-community/parse-php-sdk#http-clients

We could add ParseClient::setOptions() to support certificate pinning out of the box for both cURL and stream clients. This would also support any of the many other features for cURL and stream context.

[dplewis]

For those interested I added an example for public key pinning, cert fingerprint checking, peer verification in PHP and JavaScript (not really a thing in javascript but useful) using self signed certs #513