Tls-inspector - Easily view and inspect X.509 certificates on your iOS device.

Related tags

Developer App tls ssl security gplv3 https ios-app x509 ssl-certificates tls-inspector
Overview

TLS Inspector

Download LICENSE Follow

TLS Inspector Screenshots

Learn More about TLS Inspector »

Project Structure

This is the Git repository for the TLS Inspector iOS application. You will find the source code for the application's front-end interface in TLS Inspector/. The share-extension is located in Inspect Website/. The back-end source used for fetching and examining certificate data is located in CertificateKit/.

Building

Please see BUILDING for information on how to build TLS Inspector yourself.

Sharing & Licensing

The TLS Inspector application, which includes the front-end application and the share extension are GPLv3 licensed.

The back-end framework, CertificateKit, is LGPLv3 licensed.

The name "TLS Inspector" and associated brand imagery such the TLS Inspector logo are copyrighted material and may not be reused without permission.

Comments
  • Certificates Issued by manually trusted CA are marked as

    Certificates Issued by manually trusted CA are marked as "Untrusted"

    Affected Version: 1.60 (31)

    Is this a Test Flight version or the App Store version? AppStore

    Device and iOS Version: iPhone 6s, iOS 11.1.1

    What steps will reproduce the problem?

    1. self signed local domain
    2. CA and cert in iPhones local profiles
    3. TLS Inspector will mark certificate as „error“

    What is the expected output? Well as I accepted the CA in the installed profile, the domain should be green.

    What do you see instead? Certificates and Server marked as error (red x). There is no further info on what is wrong. Details would be helpful (also in case of non-selfsigned CAs/domains)

    Please provide any additional information below.

    bug medium priority merged CertificateKit 
    opened by logopk 12
  • untrusted certificates should report non-conformity with Apple guidelines for validity period and required extensions and key sizes

    untrusted certificates should report non-conformity with Apple guidelines for validity period and required extensions and key sizes

    Affected Version:

    2.0.3

    Is this a Test Flight version or the App Store version?

    App Store version

    Device and iOS Version:

    iPad Air 2, iOS 13.3.1

    What steps will reproduce the problem?

    1. Create your own certificate authority root signing certificate
    2. Use the CA to sign a subject certificate for your own web site
    3. Install the CA root certificate as a trusted root CA on iOS (install a profile with the root CA public key, and then mark it as trusted in the certificate trust settings ("enable full trust for root certificates")
    4. Install the subject certificate and its chain in your web server
    5. connect to the web server with TLS inspector

    What is the expected output?

    TLS inspector should show the site as trusted, like Safari shows.

    What do you see instead?

    TLS says the site is not trusted

    Please provide any additional information below.

    Previous issue #82 claims to have fixed it, but not for me. Possibly something new in iOS 13?

    bug high priority CertificateKit 
    opened by jtkohl 11
  • Crash when CRL Download/Check is enabled

    Crash when CRL Download/Check is enabled

    Affected Version:

    1.7.0 (37)

    Is this a Test Flight version or the App Store version?

    TestFlight

    Device and iOS Version:

    iPhone 7 iOS 11.2.6

    What steps will reproduce the problem?

    1. Enable CRL Check in the preferences
    2. use TLS inspector on an SSL site with an untrusted certificate (e.g. https://untrusted-root.badssl.com or https://pki-demo.idnomic.net, either by entering the host name in the app or within Safari

    What is the expected output?

    TLS Inspector shows the certificate detail

    What do you see instead?

    TLS Inspector crashes early (the interface the is sometimes displayed for less than a second, then crashes)

    Please provide any additional information below.

    disabling the CRL download option fixes the issue for the sites above.

    bug high priority merged CertificateKit TestFlight 
    opened by garz75 7
  • App Crashes when CRL distribution list is on non-HTTP/HTTPS server.

    App Crashes when CRL distribution list is on non-HTTP/HTTPS server.

    Affected Version: 1.6.0 (31)

    Is this a Test Flight version or the App Store version? App Store

    Device and iOS Version: iPad Mini 2 - 9.3.3, iPhone 8 - 11.0.3/11.1.1 iPhone 6 - 11.0.3

    What steps will reproduce the problem?

    1. Create Root CA
    2. Create Self Signed Certificate with the root
    3. Bind on IIS and install CA on device

    What is the expected output? Should show if certificate chain is valid/invalid

    What do you see instead? App Crashes

    bug high priority merged CertificateKit 
    opened by ghost 7
  • Connection information section shows incorrect IP(v6) - NOT actual webserver

    Connection information section shows incorrect IP(v6) - NOT actual webserver

    Affected Version:

    2.0.2(73)

    Is this a Test Flight version or the App Store version?

    App Store

    Device and iOS Version:

    iPhone X - 13.3.1

    What steps will reproduce the problem?

    1. Enter "burn.net" into app.
    2. Observe "connection information".

    What is the expected output?

    The IP address of burn.net: 2607:f2f8:a4c8::2

    What do you see instead?

    An IP address from the same prefix, but I have no idea what the specific host bits are corresponding to:

    2607:f2f8:a4c8:0:8100:e32b:7d3a:b5a4

    Please provide any additional information below.

    Screenshot - https://imgur.com/a/pGbdXlS

    bug high priority merged CertificateKit 
    opened by vom513 6
  • Include UserAgent header for HTTP Server Info request

    Include UserAgent header for HTTP Server Info request

    Affected Version:

    1.6.0

    Is this a Test Flight version or the App Store version?

    App Store

    Device and iOS Version:

    All

    What steps will reproduce the problem?

    1. Make a request to a HTTP Server that requires a UserAgent Header
    2. Request fails

    What is the expected output?

    Request should work

    What do you see instead?

    Request fails, because no user agent was provided

    Please provide any additional information below.

    bug medium priority merged CertificateKit easy 
    opened by ecnepsnai 5
  • Add OCSP Must Staple Information

    Add OCSP Must Staple Information

    A short description of the feature you're requesting:

    Add the OCSP Must Staple information to the certificate's information.

    How do you imagine this feature looking? Are there any examples of other implementations?

    This feature appears in OpenSSL as an entry called "TLS Feature". Because other TLS features may be added, categorize the information in the certificate into one category.

    How do you feel this feature will benefit TLS Inspector?

    More information is available in the current certificate information.

    OpenSSL x509 Information (Example)

    Information Using OCSP Must Staple:

    ...
            X509v3 Subject Alternative Name:
                DNS:blabla.
            TLS Feature:
                status_request
            X509v3 Certificate Policies:
...

    Information without OCSP Must Staple:

    ...
            X509v3 Subject Alternative Name:
                DNS:blabla.
            X509v3 Certificate Policies:
...

    I can not speak english very well. Sorry.

    enhancement medium priority merged CertificateKit 
    opened by hakasenyang 3
  • Problem with share-function from other browsers

    Problem with share-function from other browsers

    Affected Version: Multiple? I believe I have had this problem for some time. Now I run 1.5.3.29.1.1.0e

    Is this a Test Flight version or the App Store version? No

    Device and iOS Version: iPhone 8 iOS 11 and iPhone 7 iOS 11.

    What steps will reproduce the problem?

    1. Start Chrome, Brave, Firefox or Opera Mini.
    2. Go to a https-enabled site. Eg https://www.google.com
    3. Use the Share-function and select Show Certificate.

    What is the expected output? Information about the certificate to be displayed.

    What do you see instead? An error message in TLS-Inspector says " Unsupported Scheme. Only HTTPS sites can be inspected."

    Please provide any additional information below. It works on Safari and Firefox Focus.

    bug high priority share-extension 
    opened by larssonper 3
  • Proxy support?

    Proxy support?

    I'm trying to troubleshoot an issue with IOS10 and SSL through a custom PAC file.. If a proxy is defined in network settings it would be great for this app to parse and use them ...

    enhancement medium priority 
    opened by oedstero 3
  • Option to hide result when sharing to

    Option to hide result when sharing to "View on SSL Labs"

    When sharing a domain name to "View on SSL Labs" the result of the test will be shared on the dashboard of ssllabs.com (https://www.ssllabs.com/ssltest/index.html). This can be disabled by checking the box "Do not show the results on the boards" on the query website as well as by appending &hideResults=on to the query URL. (e.g. https://www.ssllabs.com/ssltest/analyze.html?d=github.com&hideResults=on)

    This option control could possibly be implemented by displaying a summary view of the data which will be sent to ssllabs.com and a switch control after selecting "View on SSL Labs" from the share menu.

    This feature would enhance the privacy of a query.

    bug medium priority easy 
    opened by der-knappes 2
  • Update to OpenSSL 1.1.1g

    Update to OpenSSL 1.1.1g

    The OpenSSL team has announced the upcoming release 1.1.1g which includes a fix for a high severity vulnerability.

    Details regarding the vulnerability are not yet known. It is not known if TLS Inspector is impacted, however we will update as soon as the release is available.

    high priority CertificateKit vulnerability 
    opened by ecnepsnai 2
  • Show Certificate extension is very small on iPad

    Show Certificate extension is very small on iPad

    Affected Version:

    1.3.0+

    Is this a Test Flight version or the App Store version?

    Both

    Device and iOS Version:

    iPad

    What steps will reproduce the problem?

    1. In Safari, tap share then tap Show Certificate

    What is the expected output?

    The certificate window to occupy more of the screen

    What do you see instead?

    It only taking a small portion of the screen

    Please provide any additional information below.

    bug user interface 
    opened by ecnepsnai 0
  • Implement DoT/DoH

    Implement DoT/DoH

    A short description of the feature you're requesting:

    TLS Inspector is equipped to implement a DoT/DoH client that users could use to skip the systems DNS nameservers.

    How do you imagine this feature looking? Are there any examples of other implementations?

    Under Advanced Options a new toggle for "Use Custom DNS Server", enabling it revels an input and a radio with "DNS", "DoH", and "DoT".

    A pre-getter should be added (may tie into #208) that performs the lookup, and passes the IP Address to connect to + domain name to validate to the getter.

    How do you feel this feature will benefit TLS Inspector?

    DoT/DoH provide privacy benefits, and DNS resolver can be used as a form of traffic inspection.

    enhancement low priority CertificateKit 
    opened by ecnepsnai 0
  • Warn on Apple CT Policy Violations

    Warn on Apple CT Policy Violations

    Apple's CT policy is now active for certificates issued after October 15th 2018: https://support.apple.com/en-ca/HT205280

    TLS Inspector should show a specific warning when a certificate is untrusted because of these policy violations.

    enhancement low priority CertificateKit 
    opened by ecnepsnai 0
  • Report if certificate meets App Transport Security requirements.

    Report if certificate meets App Transport Security requirements.

    This is a feature suggestions not a bug report.

    I think it would be very convenient if the app could report not only if a certificate is trusted by the system but if it meets Apple’s new standards for “App Transport Security.”

    These standards specify allowed ciphers and other requirements, and apps need to request specific exceptions in order to use HTTPS with hosts that don’t meet those standard.

    Why would this be useful? I suspect many of the fans of this app are developers, and it’s a question anyone working on iOS needs to answer about their servers.

    enhancement low priority 
    opened by algal 1
Releases(2.5.2)

  • 2.5.2(Nov 2, 2022)

    Thanks for using TLS Inspector!

    • Updates OpenSSL to 3.0.7 to address high severity security vulnerability.

    This update also applies to iOS 9, 10, and 11 devices as well. There will be no further updates to the app on those devices going forward. For real this time.

    Source code(tar.gz)
    Source code(zip)

  • 2.5.1(Oct 1, 2022)

    Thanks for using TLS Inspector!

    If you're using an older iOS device then this update is dedicated to you.

    • Fixes a crash on older iOS devices
    • Removes links to online services on older iOS devices

    Important note: this will be the last release of TLS Inspector for devices on iOS 9, 10, and 11. The next update of TLS Inspector will support iOS 12 or newer. The following devices are no longer supported:

    • iPhone 4s, 5, and 5c
    • iPad 2nd, 3rd, and 4th generation
    • iPad Mini 1st generation
    • iPod Touch 5th generation

    We strive to maintain support for older iOS devices when possible, however Apple has removed support for building apps on older iOS versions.

    As TLS Inspector does not rely on any specific online service to function; the app should continue to function as long as the device can connect to a network. However, you may see trust warnings as the root certificates on the device age and begin to expire.

    Source code(tar.gz)
    Source code(zip)

  • 2.5.0(Sep 29, 2022)

    Oh hello, didn't see you there, reading the update notes are you? Good decision. Sometimes people write all sorts of little useful bits and pieces here, you never know what you'll find!

    Anyways, onto this release!

    • Custom inspection parameters that differ from the defaults are now shown on the recently inspected list
    • When OpenSSL is used, you can now view the keying material used in the handshake
    • Additionally, you can export a NSS keylog file which can be imported into tools like WireShark for some seriously advanced debugging
    • Fixed a bug where some IPv4 addresses were being displayed as IPv6
    • Minor visual improvements
    • Fixed a crash for our friends still rocking iOS 9 like it's 2015 all over again, keep on keeping on you brave souls
    • Update OpenSSL to 3.0.3
    • Update tiny-curl to 7.79.1

    TLS Inspector has and always will be a force for social good. Right now, access to life-saving healthcare and body autonomy is being threatened all across the United States. When able, please exercise your civil liberties and call or write to your representatives demanding that they work to protect abortion access. Regardless of wether or not you may ever need to use these services, we all need to stand together to oppose regressive legislation that will accomplish nothing but harm and suffering.

    Source code(tar.gz)
    Source code(zip)

  • 2.4.9(Sep 29, 2022)

  • 2.4.8(Sep 29, 2022)

  • 2.4.7(Sep 29, 2022)

    Oh hello, remember us? Your old pal TLS Inspector is back again with a fresh update to keep things running smooth.

    Here's what you need to know:

    • Updated OpenSSL to 3.0.1
    • Updated tiny-curl to 7.79.1
    • Improved messages for DNS-related errors
    • Fixed issues with connection information on iOS 12
    Source code(tar.gz)
    Source code(zip)

  • 2.4.6(Aug 24, 2021)

  • 2.4.5(Jul 18, 2021)

  • 2.4.4(May 29, 2021)

  • 2.4.3(May 19, 2021)

  • 2.4.2(May 7, 2021)

    • Clarified that the "Not Before" and "Not After" times are in UTC
    • Added a "Valid For" and "Will Expires In" cells, which shows the maximum age of the certificate, and how long until it expires
    • Fixed a bug where certificates that were valid for only a few more hours were incorrectly marked as expired
    Source code(tar.gz)
    Source code(zip)

  • 2.4.1(Apr 28, 2021)

  • 2.4.0(Apr 25, 2021)

    • Introduced advanced inspection
    • Added support for international domain names
    • Implemented a workaround for IPv4/IPv6 issues
    • Improved usability for folks who use VoiceOver - many buttons now have descriptive labels to make navigating the app easier!
    • Changed the way recent lookups are stored on your device so all those juicy extra details you can specify in advanced lookup are saved.
    • Updated to OpenSSL 1.1.1k
    • Fix a crash that was occurring on some OCSP and CRL responses
    Source code(tar.gz)
    Source code(zip)

  • 2.4.0-b3(Apr 21, 2021)

  • 2.4.0-b2(Apr 21, 2021)

  • 2.4.0-b1(Mar 28, 2021)

  • 2.3.1(Jan 24, 2021)

  • 2.3.0(Jan 6, 2021)

    Happy New Year!

    This is an important update to TLS Inspector, bringing two important new features!

    Firstly, let's give a warm & friendly "client hello" to the new modern Apple Crypto Engine. TLS Inspector now uses the modern Network framework provided by Apple to fetch certificate information. What this means for you is improved stability, performance, and most importantly: accurate results. With the new Network framework, TLS Inspector will now show identical results as to what Safari or most other apps on your device would use.

    The Network Framework is available on devices running iOS 12 or later. You will automatically be switched to the new modern engine if you have the "Apple" engine currently selected. Users who have selected the OpenSSL engine will not be impacted. Devices running iOS 9 and 10 will continue to be supported using the legacy engine, which will be available should you need it.

    Next up, TLS Inspector is now available on macOS computers with a M1 processor! Enjoy the same great experience of using an iPad on your Mac. Work to bring TLS Inspector to Intel-based macs is being investigated. Please note that the 'Show Certificate' extension is not available when used on a Mac. We are investigating ways to bring this functionality over to Mac users.

    But we're not done there! For a limited time only we're throwing in these great extras for the low-low price of free:

    • Improved reliability of HTTP header fetching
    • Fixed a slew of small UI bugs impacting iPad users
    • Improved the wording of locally trusted certificates
    Source code(tar.gz)
    Source code(zip)

  • 2.3.0-b4(Jan 3, 2021)

  • 2.3.0-b3(Jan 3, 2021)

  • 2.3.0-b2(Dec 19, 2020)

  • 2.3.0-b1(Dec 18, 2020)

  • 2.2.1(Dec 9, 2020)

  • 2.2.0(Oct 10, 2020)

    • Added a link to view a specific certificate on crt.sh
    • If the server redirected TLS Inspector it will now show you where the destination was
    • Tapping on "Server Redirected To" will inspect that domain
    • Corrected the label for "SHA1"
    • And a bunch of minor bug fixes and improvements
    Source code(tar.gz)
    Source code(zip)

  • 2.1.1(Oct 3, 2020)

  • 2.0.7(Jun 7, 2020)

  • 2.0.5(Mar 28, 2020)

  • 2.0.4(Mar 27, 2020)

    • Improved identification of certificates that don't meet Apple's standards. (Special thanks for Github user jtkohl, and Chrome developers Ryan S and David B for helping!)
    • Improved logging for debugging tricky issues (like the one above!)
    Source code(tar.gz)
    Source code(zip)

  • 2.0.3(Feb 18, 2020)

    • Fixed a crash that was occurring for some users with custom ciphers specified
    • Fixed an issue where only a partially correct IPv6 remote address was displayed
    • Fixed an issue where logs weren't attached to support emails
    • Fixed an issue where the copy menu item would show up where it wasn't welcome
    Source code(tar.gz)
    Source code(zip)

  • 2.0.2(Feb 5, 2020)

    • TLS Inspector now officially supports inspecting non-web TLS servers, such as SMTPS, IMAPS, etc.
    • Fixed a bug where a non-stardard port was not saved in the recent lookup list
    • Fixed a bug where the email sheet would not dismiss after contacting us
    Source code(tar.gz)
    Source code(zip)
Owner
TLS Inspector
The official Github organziation for the TLS Inspector iOS app.
TLS Inspector
GitHub https://tlsinspector.com/
Dash-iOS - Dash gives your iPad and iPhone instant offline access to 200+ API documentation sets

Discontinued Dash for iOS was discontinued. Please check out Dash for macOS instead. Dash for iOS Dash gives your iPad and iPhone instant offline acce

Bogdan Popescu 7.1k Dec 29, 2022
A native Jellyfin client for Apple platforms (iOS, macOS and tvOS)

Jellyfin Swift (working title) is a native Swift app targeting all modern Apple devices (iOS, ipadOS, tvOS and macOS).

Julien Machiels 3 Jun 7, 2021
BaseConverter-iOS - The fast and easy way to convert numbers with tons of possibilities!

BaseConverter-iOS The fast and easy way to convert numbers with tons of possibilities! With BaseConverter, convert your numbers from and to: Decimal B

Groupe MINASTE 3 Feb 8, 2022
Bitrise-iOS - Client iOS app for bitrise.io 🚀

?? SwiftUI version is available as beta ?? Bitrise iOS Client app ?? Features ✅ App List GET /me/apps Shows last visited app page on launch ✅ Build Li

Toshihiro Suzuki 142 Dec 19, 2022
Buglife-iOS - Awesome bug reporting for iOS apps

Buglife is an awesome bug reporting SDK & web platform for iOS apps. Here's how it works: User takes a screenshot, or stops screen recording User anno

Buglife 498 Dec 17, 2022
Charter - A Swift mailing list client for iPhone and iPad

Due to costs and lack of interest, I’ve had to take down the Charter service. If you’re interested in running your own copy, get in touch and I can se

Matthew Palmer 526 Dec 24, 2022
DevTool - A simple UI and powerful Mac OS application, Such as JSON-Formatting tool, JSON-to-model tool, AppIcon generator, Network-Request tool...

?? ?? ?? A simple UI and powerful Mac OS application. It is a collection of tools commonly used in my development work. Such as JSON-Formatting tool, JSON-to-model tool, AppIcon generator, Network-Request tool...

渠晓友 3 Dec 21, 2022
Awesome-ML - Discover, download, compile & launch different image processing & style transfer CoreML models on iOS.

⚠️ ⚠️ ⚠️ IMPORTANT: I'm no longer maintaining Awesome-ML. Awesome ML is an iOS app that is made to demonstrate different image processing CoreML model

eugene 171 Nov 8, 2022
DevSwitch - An iOS app for switching between countries on the App Store with ease.

Archived as of 24/04/2021. Apple has again broken the URLs required for storefront switching. I've decided to archive DevSwitch due to this. If Apple

Aaron Pearce 432 Jan 3, 2023
IOS - Unofficial app for Swift Evolution

EVOlution - iOS The goal of this project is for the version 1.0 was: bring to iOS the experience provided by Swift Evolution website. Now we are shift

EVOlution App 235 Dec 19, 2022
COVID Certificate is the official app for storing and presenting COVID certificates issued in Switzerland.

COVID Certificate is the official app for storing and presenting COVID certificates issued in Switzerland. The certificates are kept and checked locally on the user's phone.

Swiss Admin 111 Dec 19, 2022
SSL/TLS Add-in for BlueSocket using Secure Transport and OpenSSL

BlueSSLService SSL/TLS Add-in framework for BlueSocket in Swift using the Swift Package Manager. Works on supported Apple platforms (using Secure Tran

Kitura 87 Nov 15, 2022
SSL/TLS Add-in for BlueSocket using Secure Transport and OpenSSL

BlueSSLService SSL/TLS Add-in framework for BlueSocket in Swift using the Swift Package Manager. Works on supported Apple platforms (using Secure Tran

Kitura 87 Nov 15, 2022
Tool to debug layouts directly on iOS devices: inspect layers in 3D and debug each visible view attributes

Introduction Features Inspect layouts directly on iOS devices Inspection could be triggered only if app is running under DEBUG build configuration, so

Ihor Savynskyi 510 Dec 24, 2022
All new design. Inspect your iOS application at runtime.

Peek: All new design Peek 5 with an all new design and all new features. Whether you're a developer, designer or QA/tester, Peek can help you at all s

Shaps 2.6k Dec 17, 2022
A realistic reflective shimmer to SwiftUI Views that uses device orientation. Position any View relative to device orientation to appear as if through a window or reflected by the screen.

A 3d rotation effect that uses Core Motion to allow SwiftUI views to appear projected in a specific direction and distance relative to the device in r

Ryan Lintott 235 Dec 30, 2022
In-app design review tool to inspect measurements, attributes, and animations.

Hyperion Hyperion - In App Design Review Tool What is it? Hyperion is a hidden plugin drawer that can easily be integrated into any app. The drawer si

WillowTree, LLC 2k Dec 27, 2022
Informant is a macOS menu bar app that lets you inspect files with a single click. 🔍

Informant Inspect files with a single click. Introduction Welcome! If you're not sure what Informant is or what it does please check out informant-app

Ty Irvine 31 Nov 7, 2022
Simulate any device and settings on one simulator or device.

SwiftUI-Simulator Enables the following settings without settings or restarting the simulator or real device. Any device screen Light/Dark mode Locale

Yusuke Hosonuma 70 Dec 19, 2022
Swift library to easily check the current device and some more info about it.

Usage To run the example project, clone the repo, and run pod install from the Example directory first. let device = Deviice.current device is a Devi

Andrea Mario Lufino 56 Nov 3, 2022