SSL Pinning through Alamofire not working

Question

I'm having some problems in my project with SSL Pinning through Alamofire. The problem is that in another project created ad-hoc, everything works fine: if Charles is enabled, everything is blocked.

Now in this project it passes every call, even if my certificate isn't correct.

I thought that maybe the problem is a library imported with my PodFile, but I don't know which one could be.

I'm asking here because maybe has already had the same problem.

Here's the PodFile:

pod 'SideMenuController'
pod 'ScrollingStackContainer', '~> 0.5'
pod 'SwiftLocation'
pod 'ObjectMapper'
pod 'ActionSheetPicker-3.0'
pod 'Stripe'
pod 'CocoaMQTT'

pod 'SwiftMessages', '5.0.1'
pod 'PusherSwift'
pod 'CryptoSwift', '~> 0.7.2'
pod 'TTSegmentedControl', '~> 0.3.1'
pod 'Fabric'
pod 'Crashlytics'
pod 'KMPlaceholderTextView', '~> 1.3.0'

pod 'FlowTables',       '~> 0.8.2'

pod 'FBSDKLoginKit'

pod 'KeychainAccess',           '~> 3.1.1'
pod 'ios-ntp',                  '~> 1.1.9'
pod 'MMMaterialDesignSpinner',  '~> 0.2.5'

pod 'Alamofire', '4.7.2'
pod 'Kingfisher',  :git => 'https://github.com/onevcat/Kingfisher.git', :tag => '4.9.0'

Answer 1

I’ve found the problem:

In my PodFile, there was installed also CocoaDebug, a tool which helps you to debug your network calls. Unfortunately, it overrides my custom SessionManager, and also override methods about SSL certificate pinning.

It has to be completely uninstalled, it’s not enough to disable it in the build.

Answer 2

Of course everything's blocked when using Charles: that means certificate pinning is working and the app isn't accepting responses that have been intercepted (in this case by Charles). You have a couple options:

1. Disable certificate pinning for debug builds so you can use Charles.
2. Export the Charles SSL certificate and include it with debug builds of your app so it becomes one of the pinned certificates. Make sure this cert isn't included with your release builds.