datatheorem / TrustKit-Android

Easy SSL pinning validation and reporting for Android.
MIT License

Question on WebViews #30

Closed fcduarte closed 6 years ago

fcduarte commented 6 years ago

Hey @nabla-c0d3 and @jobot0,

I was doing a few tests here and found out that a device prior to API 24 won't have pinning when calling the WebView class. Is that an expected limitation or something I might be doing wrong?

Thanks!

jobot0 commented 6 years ago

Hey @fcduarte, TrustKit-Android is not working with WebViews for now. We don't have plans to support it for now.

fcduarte commented 6 years ago

Cool, thanks for letting me know. Closing this now.

nabla-c0d3 commented 6 years ago

To add to the previous answer, Android does not provide hooks for customizing how SSL validation is done in WebViews. Hence, the only way to do it is via the Network Security Config, which is only available on API 24+. As by design TrustKit requires using a NetSec config, it explains the behavior you are seeing, but TrustKit is unable to backport WebView pinning to pre-24 (due to the platform's limitations).
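
Added example, not part of the thread and not TrustKit's own code: a Python check that reads a Network Security Config and reports, for a given device API level, which configured domains a WebView would actually have pinned, following the comment above. The domains and pin values are constructed placeholders, `webview_pinning` is a hypothetical helper, and inheritance between nested `<domain-config>` elements is not modelled.

```python
import xml.etree.ElementTree as ET
from datetime import date

# Constructed sample config; domains and pin values are placeholders.
SAMPLE_CONFIG = """<network-security-config>
  <domain-config>
    <domain includeSubdomains="true">pinned.example.com</domain>
    <pin-set expiration="2030-01-01">
      <pin digest="SHA-256">PLACEHOLDER_PRIMARY_PIN_BASE64=</pin>
      <pin digest="SHA-256">PLACEHOLDER_BACKUP_PIN_BASE64=</pin>
    </pin-set>
    <trustkit-config enforcePinning="true"/>
  </domain-config>
  <domain-config>
    <domain>expired.example.com</domain>
    <pin-set expiration="2020-01-01">
      <pin digest="SHA-256">PLACEHOLDER_OLD_PIN_BASE64=</pin>
    </pin-set>
  </domain-config>
  <domain-config>
    <domain>unpinned.example.com</domain>
  </domain-config>
</network-security-config>"""

NSC_MIN_API = 24  # Network Security Config is only available on API 24+


def webview_pinning(config_xml, api_level, today):
    """Map each configured domain to whether a WebView on api_level is pinned."""
    result = {}
    for dc in ET.fromstring(config_xml).iter("domain-config"):
        pin_set = dc.find("pin-set")
        active = pin_set is not None and pin_set.find("pin") is not None
        if active and pin_set.get("expiration"):
            # The platform stops enforcing a pin-set once its expiration date is reached.
            active = today < date.fromisoformat(pin_set.get("expiration"))
        for dom in dc.findall("domain"):
            # Below API 24 the platform never reads this file, so WebViews are unpinned.
            result[dom.text.strip()] = active and api_level >= NSC_MIN_API
    return result


if __name__ == "__main__":
    for api in (23, 24):
        print(api, webview_pinning(SAMPLE_CONFIG, api, date.today()))
```

Running it for the app's `minSdkVersion` and for 24 shows which WebView hosts lose pinning on older devices.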

lukesterlee commented 6 years ago

Hi. I know this issue is closed but I was not sure if this is not working with WebView AT ALL or only before 24. Is WebView pinning possible for API >= 24? I'm trying to make pinning work with TrustKit with a Turbolinks WebView in Android and I was wondering if I can just use `TrustKit.getInstance().getTrustManager().checkServerTrusted()` and pass the certificate that I got from the website I'm trying to load.