SRSecurityPolicy

SRSecurityPolicy manages the security configuration for secure WebSocket connections (WSS), such as validating certificate chains.

Default Policy

By default, SocketRocket validates the certificate chain provided by the server, similar to how standard HTTPS requests work in browsers.

SRSecurityPolicy *policy = [SRSecurityPolicy defaultPolicy];

Self-Signed Certificates

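If you are working in a development environment with self-signed certificates, you may need to disable certificate chain validation. Note: With chain validation disabled, the client accepts any certificate the server presents, so the connection can be intercepted. This is insecure and should not be used in production.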

// Disabling chain validation (development only)
SRSecurityPolicy *policy = [[SRSecurityPolicy alloc] initWithCertificateChainValidationEnabled:NO];

// `request` is the NSURLRequest for the wss:// endpoint, created elsewhere
SRWebSocket *socket = [[SRWebSocket alloc] initWithURLRequest:request
                                                    protocols:nil
                                               securityPolicy:policy];
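
One way to keep the relaxed policy out of production builds, as an added example that is not SocketRocket's own code: the helper names (ExampleSecurityPolicyForURL, ExampleOpenSocket) and the development host list are hypothetical, and it assumes the DEBUG macro is defined only in debug build configurations.

```objc
#import <Foundation/Foundation.h>
#import <SocketRocket/SocketRocket.h>

// Hypothetical helper (not part of SocketRocket): picks the policy for a URL.
// Chain validation is only ever relaxed in DEBUG builds, and only for hosts
// on an explicit development allowlist.
static SRSecurityPolicy *ExampleSecurityPolicyForURL(NSURL *url) {
#if DEBUG
    // Assumed development hosts that present self-signed certificates.
    static NSSet<NSString *> *devHosts;
    static dispatch_once_t onceToken;
    dispatch_once(&onceToken, ^{
        devHosts = [NSSet setWithObjects:@"localhost", @"dev.example.test", nil];
    });
    NSString *host = url.host.lowercaseString;
    if (host != nil && [devHosts containsObject:host]) {
        NSLog(@"[DEBUG] Certificate chain validation disabled for %@", host);
        return [[SRSecurityPolicy alloc] initWithCertificateChainValidationEnabled:NO];
    }
#endif
    // Release builds and all other hosts: full chain validation.
    return [SRSecurityPolicy defaultPolicy];
}

// Hypothetical helper: opens a socket with the policy chosen above.
static SRWebSocket *ExampleOpenSocket(NSURL *url, id<SRWebSocketDelegate> delegate) {
    // Refuse plaintext ws:// so the policy always applies to a TLS connection.
    if (![url.scheme.lowercaseString isEqualToString:@"wss"]) {
        return nil;
    }
    NSURLRequest *request = [NSURLRequest requestWithURL:url];
    SRWebSocket *socket = [[SRWebSocket alloc] initWithURLRequest:request
                                                        protocols:nil
                                                   securityPolicy:ExampleSecurityPolicyForURL(url)];
    socket.delegate = delegate;
    [socket open];
    return socket;
}
```

In a release build the preprocessor removes the relaxed branch entirely, so every host gets the default policy regardless of the allowlist.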

Certificate Pinning

Certificate pinning via SRSecurityPolicy is currently marked as deprecated in the source code, with warnings that it is neither secure nor supported in SocketRocket. It is recommended to use certificates that validate against a proper trust chain instead.