SDWebImage Now Validates SSL Certificates
SDWebImage is a popular iOS library for implementing asynchronous image downloads. Last year, I reported to the development team that SDWebImage had SSL certificate validation disabled when fetching data over HTTPS.
The issue was introduced in June 2014 in version 3.7.0: certificate validation was disabled as a side-effect of adding support for NTLM authentication to the library’s NSURLConnectionDelegate
. The specific commit is available here.
The team just released version 3.7.2, which finally addresses this issue and re-enables certificate validation; the actual fix can be seen here. If you’re using SDWebImage in your App, make sure to update the latest version (as always)!