Open
Description
Previously, I was using HTTP2ClientTransport.Posix, where I could configure custom SSL pinning verification using a certificate hash via HTTP2ClientTransport.Posix.TransportSecurity.
For example:
```swift
let transportSecurity = configureTransportSecurity()
let transport = try HTTP2ClientTransport.Posix(
    target: .dns(host: host, port: port),
    transportSecurity: transportSecurity
)

private func configureTransportSecurity() -> HTTP2ClientTransport.Posix.TransportSecurity {
    // Expected certificate hash(es) used for pinning.
    let expectedHashList = "My_Hash"
    return .tls(configure: { tlsConfig in
        tlsConfig.trustRoots = .systemDefault
        tlsConfig.serverCertificateVerification = .fullVerification
        // Custom callback that receives the server's certificate chain.
        tlsConfig.customVerificationCallback = { certificateChain, validationResult in
            do {
                // `valid`, `notValid` and `metadata` are placeholders; the hash check itself is elided.
                if valid {
                    validationResult.succeed(.certificateVerified(metadata))
                }
                if notValid {
                    validationResult.fail(NIOSSLError.unableToValidateCertificate)
                }
            } catch {
                validationResult.fail(NIOSSLError.unableToValidateCertificate)
            }
        }
    })
}
```
However, when using Posix on iOS, we sometimes encounter permission denied issues. Because of this, we want to migrate to HTTP2ClientTransport.TransportServices.
The problem is that HTTP2ClientTransport.TransportServices.TransportSecurity does not provide a customVerificationCallback.
As a result, we can no longer validate our custom SSL certificate hash against the server.
Question:
How can we implement SSL pinning / custom certificate hash validation when using HTTP2ClientTransport.TransportServices?
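The snippet in the issue elides the hash check itself. The following is an added example, not code from the issue author or from grpc-swift, of that comparison as a transport-independent helper. It assumes pins are base64-encoded SHA-256 digests of DER-encoded certificates; `CertificatePinSet` and the sample bytes are hypothetical, and it does not show any `TransportServices` API.

```swift
import CryptoKit
import Foundation

/// Hypothetical helper (not part of grpc-swift or NIOSSL): a set of accepted
/// pins, each the SHA-256 digest of a DER-encoded certificate.
struct CertificatePinSet {
    private let pins: Set<Data>

    /// Malformed or wrong-length pins are rejected up front, so a typo in the
    /// configuration fails at start-up instead of silently never matching.
    init?(base64Pins: [String]) {
        var decoded = Set<Data>()
        for pin in base64Pins {
            // A SHA-256 digest is always 32 bytes long.
            guard let raw = Data(base64Encoded: pin), raw.count == 32 else {
                return nil
            }
            decoded.insert(raw)
        }
        guard !decoded.isEmpty else { return nil }
        self.pins = decoded
    }

    /// True when at least one certificate in the presented chain matches a pin.
    /// An empty chain never matches.
    func matches(chainDER: [[UInt8]]) -> Bool {
        chainDER.contains { der in
            pins.contains(Data(SHA256.hash(data: Data(der))))
        }
    }
}

// Constructed sample input: stand-in bytes, not real certificates.
let leaf: [UInt8] = Array("constructed-leaf-der".utf8)
let other: [UInt8] = Array("constructed-other-der".utf8)
let backup: [UInt8] = Array("constructed-backup-der".utf8)
let leafPin = Data(SHA256.hash(data: Data(leaf))).base64EncodedString()
let backupPin = Data(SHA256.hash(data: Data(backup))).base64EncodedString()

// Two pins (current and backup) so a certificate rotation does not lock clients out.
let pinSet = CertificatePinSet(base64Pins: [leafPin, backupPin])!
print(pinSet.matches(chainDER: [leaf]))    // pinned certificate presented
print(pinSet.matches(chainDER: [other]))   // unpinned certificate presented
print(pinSet.matches(chainDER: []))        // empty chain
print(CertificatePinSet(base64Pins: ["not-base64"]) == nil)  // malformed pin
```

The pin check is an additional constraint on top of normal chain validation: a pin match should only turn into a successful verification when the platform's trust evaluation has also passed.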