Question about validation logic

[mbrandonw]

Looking at the source I found this:

Starscream/Sources/SSLSecurity.swift

Lines 177 to 188 in 70fd033

	var trustedCount = 0
	for serverCert in serverCerts {
	for cert in certs {
	if cert == serverCert {
	trustedCount += 1
	break
	}
	}
	}
	if trustedCount == serverCerts.count {
	return true
	}

and I'm curious why all of the certificates from the server are required to match one of the certificates provided. I was under the impression that it is sufficient for at least one of the certificates to match.

Is this logic correct?

Thanks!

[eliburke]

@mbrandonw The original behavior was to require the entire chain to be trusted. Like you, I am under the impression that only one cert needs to match. #412 added a boolean to control the behavior. If you set validateEntireChain=false, it will short circuit out of that loop.
If you check the docs for SecTrustEvaluate you'll see that both .proceed and .unspecified are considered success states.

[mbrandonw]

oh wow, that's it! I saw that option but didn't look further into it. Thanks for the help!

[eliburke]

I should add-- I left the existing behavior as default in the PR so that current Starscream users wouldn't suddenly have a change in their security model. I do think it should be the default behavior in a future major release such as 4.0 hint hint @daltoniam 😄