datatheorem / TrustKit-Android

Easy SSL pinning validation and reporting for Android.
MIT License

Not working in Android Kitkat #37

Closed YogeshwarSharma closed 6 years ago

jobot0 commented 6 years ago

Hey @YogeshwarSharma, thanks for testing the library. Could you give more details about your error?

YogeshwarSharma commented 6 years ago

Hi,

I have integrated TrustKit and it's working fine on Android N and above, but it is not working on Android KitKat: when I pass a wrong key in the network-config file it still allows me to access the API.

I am using this with Retrofit.

jobot0 commented 6 years ago

The error could come from how the expiration date from the pin-set attribute is managed. Is it set to a "correct" date, meaning a date after today?

YogeshwarSharma commented 6 years ago

Yes, it's set after today. Actually, I am using Retrofit and passing the domain name to the URL like below:

    import java.net.URL;
    import javax.net.ssl.SSLSocketFactory;
    import com.datatheorem.android.trustkit.TrustKit;

    // A scheme is required here, otherwise URL() throws MalformedURLException
    URL url = new URL("https://mydomain.com");
    String serverHostname = url.getHost();
    SSLSocketFactory socketFactory = TrustKit.getInstance().getSSLSocketFactory(serverHostname);
    builder.sslSocketFactory(socketFactory); // builder is the OkHttpClient.Builder handed to Retrofit

But this is not working in Retrofit.

jobot0 commented 6 years ago

Thanks, I'm looking into it and will let you know when I'm able to reproduce the bug. Could you give more information about the version of TrustKit-Android you're using and also the one for Retrofit?

YogeshwarSharma commented 6 years ago

TrustKit version: 1.0.3, Retrofit version: 2.0.2

jobot0 commented 6 years ago

Hey @YogeshwarSharma, sorry, I'm still not able to reproduce your bug. Could you post your network_security_config here?

jobot0 commented 6 years ago

Hey @YogeshwarSharma, have you resolved your issue?

YogeshwarSharma commented 6 years ago

Yes, it has been resolved, and it was not on your side.

soumyamishra89 commented 5 years ago

@YogeshwarSharma can you tell me what issue you had and how you solved it? I am facing a similar issue on Android KitKat.

YogeshwarSharma commented 5 years ago

@soumyamishra89 Just list only the domains for which certificate pinning should be verified. So, in network_security_config, add the domains to include, and with this change certificate pinning will only apply to the mentioned domains:

    <network-security-config>
        <domain-config>
            <!-- Only this domain (and, with includeSubdomains="true", its subdomains) is pinned;
                 hosts not listed in any domain-config are not pinned at all -->
            <domain includeSubdomains="true">google.com</domain>
            <!-- Valid pins: replace "key" and "backupkey" with the base64 SHA-256 SPKI hashes -->
            <pin-set>
                <pin digest="SHA-256">key</pin>
                <pin digest="SHA-256">backupkey</pin>
            </pin-set>
            <trustkit-config enforcePinning="true" disableDefaultReportUri="true"/>
        </domain-config>
    </network-security-config>
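The resolution above comes down to which hosts a domain-config actually covers, and jobot0's earlier question comes down to whether the pin-set has expired. The following is an added example, not code from this thread or from TrustKit-Android: a small offline checker that parses a network_security_config and reports, for a given hostname, which pins apply and whether TrustKit would enforce them. It follows the Android Network Security Config matching rules (exact match, or suffix match when includeSubdomains="true", with the most specific domain winning) and the rule that a pin-set whose expiration date has passed disables pinning; enforcePinning defaults to false in trustkit-config, meaning failures are only reported. The sample config and its pin values are constructed placeholders, not real certificate hashes. On KitKat the platform ignores this file entirely, so it is only the TrustKit SSLSocketFactory path that consults it there, which makes a host falling outside every domain-config look exactly like "wrong key but the request still succeeds".

```python
"""Offline check of which hosts an Android network_security_config really pins.

Added example; mirrors the NSC domain-matching rules, it is not TrustKit code.
"""
import xml.etree.ElementTree as ET
from datetime import date

# Constructed sample config: placeholder pin values, not real SPKI hashes.
SAMPLE_CONFIG = """<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <domain-config>
        <domain includeSubdomains="true">example.com</domain>
        <pin-set expiration="2099-12-31">
            <pin digest="SHA-256">AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=</pin>
            <pin digest="SHA-256">BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB=</pin>
        </pin-set>
        <trustkit-config enforcePinning="true" disableDefaultReportUri="true"/>
    </domain-config>
    <domain-config>
        <domain includeSubdomains="false">legacy.example.net</domain>
        <pin-set expiration="2010-01-01">
            <pin digest="SHA-256">CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC=</pin>
        </pin-set>
    </domain-config>
</network-security-config>
"""


def parse_config(xml_text):
    """Return a list of domain-config dicts: domains, pins, expiration, enforce."""
    root = ET.fromstring(xml_text)
    configs = []
    for dc in root.findall("domain-config"):
        domains = [
            (d.text.strip().lower(), d.get("includeSubdomains", "false").lower() == "true")
            for d in dc.findall("domain")
        ]
        pin_set = dc.find("pin-set")
        pins = [p.text.strip() for p in pin_set.findall("pin")] if pin_set is not None else []
        expiration = pin_set.get("expiration") if pin_set is not None else None
        tk = dc.find("trustkit-config")
        # TrustKit only blocks connections when enforcePinning="true"; otherwise it only reports.
        enforce = tk is not None and tk.get("enforcePinning", "false").lower() == "true"
        configs.append({"domains": domains, "pins": pins, "expiration": expiration, "enforce": enforce})
    return configs


def pins_for_host(configs, hostname, today=None):
    """Return (pins, enforce) for hostname, or ([], False) when the host is not pinned.

    Matching: exact domain match, or suffix match when includeSubdomains is set;
    the longest (most specific) matching domain wins. An expired pin-set yields
    no pins, which is why a past expiration date silently turns pinning off.
    """
    today = today or date.today()
    host = hostname.lower().rstrip(".")
    best, best_len = None, -1
    for cfg in configs:
        for domain, include_sub in cfg["domains"]:
            if host == domain or (include_sub and host.endswith("." + domain)):
                if len(domain) > best_len:
                    best, best_len = cfg, len(domain)
    if best is None or not best["pins"]:
        return [], False
    if best["expiration"] and date.fromisoformat(best["expiration"]) < today:
        return [], False
    return list(best["pins"]), best["enforce"]


def report(xml_text, hostnames, today=None):
    """Map each hostname to its (pins, enforce) outcome for a quick pre-release audit."""
    configs = parse_config(xml_text)
    return {h: pins_for_host(configs, h, today) for h in hostnames}


if __name__ == "__main__":
    for host, (pins, enforce) in report(
        SAMPLE_CONFIG,
        ["api.example.com", "notexample.com", "legacy.example.net", "sub.legacy.example.net"],
        today=date(2018, 6, 1),
    ).items():
        state = "ENFORCED" if enforce else ("report-only" if pins else "NOT PINNED")
        print(f"{host:28s} {state:12s} {len(pins)} pin(s)")
```

Run it against your own file before shipping: any API host that prints "NOT PINNED" is reachable with the wrong key regardless of Android version, and "report-only" means TrustKit will post a report but still let the connection through.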