ServerValidationPolicy

@frozen
public enum ServerValidationPolicy

How the Realm client should validate the identity of the server for secure connections.

By default, when connecting to Atlas App Services over HTTPS, Realm will validate the server’s HTTPS certificate using the system trust store and root certificates. For additional protection against man-in-the-middle (MITM) attacks and similar vulnerabilities, you can pin a certificate or public key, and reject all others, even if they are signed by a trusted CA.

  • Perform no validation and accept potentially invalid certificates.

    Warning

    DO NOT USE THIS OPTION IN PRODUCTION.

    Declaration

    Swift

    case none
  • Use the default server trust evaluation based on the system-wide CA store. Any certificate signed by a trusted CA will be accepted.

    Declaration

    Swift

    case system
  • Use a specific pinned certificate to validate the server identify.

    This will only connect to a server if one of the server certificates matches the certificate stored at the given local path and that certificate has a valid trust chain.

    On macOS, the certificate files may be in any of the formats supported by SecItemImport(), including PEM and .cer (see SecExternalFormat for a complete list of possible formats). On iOS and other platforms, only DER .cer files are supported.

    Declaration

    Swift

    case pinCertificate(path: URL)