Closed YogeshwarSharma closed 6 years ago
Hi,
I have integrated TrustKit and it's working fine on Android N and above, but it is not working on Android KitKat: when I pass the wrong key in the network-config file, it still allows me to access the API.
I am using this with retrofit.
The error could come from how the expiration date from the pin-set attribute is managed. Is it set to a "correct" date, meaning a date after today?
Yes, it's set after today. Actually, I am using Retrofit and passing the domain name to the URL like below:

```java
// The URL needs a scheme, otherwise new URL() throws MalformedURLException
URL url = new URL("https://mydomain.com");
String serverHostname = url.getHost();
SSLSocketFactory socketFactory = TrustKit.getInstance().getSSLSocketFactory(serverHostname);
builder.sslSocketFactory(socketFactory);
```

But this is not working in Retrofit.
Thanks, I'm looking into it and will let you know when I'm able to reproduce the bug. Could you give more information about the version of TrustKit-Android you're using and also the one for Retrofit?
TrustKit version: 1.0.3, Retrofit version: 2.0.2
Hey @YogeshwarSharma, sorry, I'm still not able to reproduce your bug. Could you post your network_security_config here?
Hey @YogeshwarSharma, have you resolved your issue?
Ya, it has been resolved, and that is not from your side.
@YogeshwarSharma can you tell me what issue you had and how you solved it? I am facing a similar issue on Android KitKat.
@soumyamishra89 Just mention only the domains for which the certificate pinning should verify. So, in network_security_config, add the domains to include, and with this change certificate pinning will only be applicable to the mentioned domains:

```xml
<domain-config>
    <domain includeSubdomains="true">google.com</domain>
    <!-- Valid pins -->
    <pin-set>
        <pin digest="SHA-256">key</pin>
        <pin digest="SHA-256">backupkey</pin>
    </pin-set>
    <trustkit-config enforcePinning="true" disableDefaultReportUri="true"/>
</domain-config>
```

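One way to check the point made in the comment above, that pinning only applies to hosts listed in a `<domain>` entry, is to lint the config before shipping. This is an added example, not code from the thread or from TrustKit. The sample config, hostnames and pin bytes are constructed, and the longest-match rule is a simplified assumption about how a host is resolved to a `<domain-config>`.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

# Constructed sample: PIN_A is dummy bytes, "key" mimics a placeholder left in by mistake.
PIN_A = base64.b64encode(b"\x01" * 32).decode()
SAMPLE_CONFIG = f"""
<network-security-config>
  <domain-config>
    <domain includeSubdomains="true">example.com</domain>
    <pin-set>
      <pin digest="SHA-256">{PIN_A}</pin>
      <pin digest="SHA-256">key</pin>
    </pin-set>
    <trustkit-config enforcePinning="true" disableDefaultReportUri="true"/>
  </domain-config>
</network-security-config>
"""

def is_valid_sha256_pin(text):
    """A SHA-256 pin must be the base64 encoding of exactly 32 bytes."""
    try:
        return len(base64.b64decode(text.strip(), validate=True)) == 32
    except (binascii.Error, ValueError):
        return False

def pins_for_host(config_xml, host):
    """Return (valid_pins, invalid_pins) for the most specific matching
    <domain>, or None when no <domain-config> covers the host."""
    host = host.lower().rstrip(".")
    best = None  # (length of matched domain, domain-config element)
    for cfg in ET.fromstring(config_xml).iter("domain-config"):
        for dom in cfg.findall("domain"):
            name = (dom.text or "").strip().lower()
            subs = dom.get("includeSubdomains", "false") == "true"
            if host == name or (subs and host.endswith("." + name)):
                if best is None or len(name) > best[0]:
                    best = (len(name), cfg)
    if best is None:
        return None  # host is not pinned at all
    pins = [p.text or "" for p in best[1].findall("pin-set/pin")]
    valid = [p for p in pins if is_valid_sha256_pin(p)]
    return valid, [p for p in pins if p not in valid]
```

A `None` result for an API host means no pin-set is configured for it, and a non-empty second list means a pin value can never match a real key hash.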
Hey @YogeshwarSharma, thanks for testing the library. Could you give more details about your error?