@frozen public enum ServerValidationPolicy
How the Realm client should validate the identity of the server for secure connections.
By default, when connecting to Atlas App Services over HTTPS, Realm will validate the server’s HTTPS certificate using the system trust store and root certificates. For additional protection against man-in-the-middle (MITM) attacks and similar vulnerabilities, you can pin a certificate or public key, and reject all others, even if they are signed by a trusted CA.
Perform no validation and accept potentially invalid certificates.
WarningDO NOT USE THIS OPTION IN PRODUCTION.
Use the default server trust evaluation based on the system-wide CA store. Any certificate signed by a trusted CA will be accepted.
Use a specific pinned certificate to validate the server identify.
This will only connect to a server if one of the server certificates matches the certificate stored at the given local path and that certificate has a valid trust chain.
On macOS, the certificate files may be in any of the formats supported by SecItemImport(), including PEM and .cer (see SecExternalFormat for a complete list of possible formats). On iOS and other platforms, only DER .cer files are supported.
case pinCertificate(path: URL)