Open spineau opened 3 years ago
I am facing a similar problem. I have an intermediate pin with RSA 3072 bits. Is there a workaround to skip the intermediate and check the pin of the server certificate instead?
Hi team,
We have the same issue, and it took a very long time to identify this as the source of our problems.
Our new certificate is generated by Gandi, which is a well-known institution that generates thousands of certificates that need the intermediate certificate authority of Gandi.
However, their certificate is generated with a length of 3072 bits.
So, we have no option to change their certificate, and the TrustKit package generates errors when it tries to validate the chain certificate received from our server.
Your kind support would be really appreciated.
Thanks in advance. Louis-Marie
Looks like the original request is pretty old at this point but adding another +1 to this request to support 3072 bit RSA as we're seeing most of our new client certs be generated in 3072.
Can we get the changes from the first comment into a PR to help facilitate the review process? Or is this something already on the roadmap at this point?
I've put these changes and a corresponding test case into the PR noted above. @nabla-c0d3 any chance this could get on the road map to be reviewed and pulled in for release?
Any chance to get an update?
I'm not totally sure who is actively maintaining the repo and would be best to tag to possibly get some eyes on this soon. Based on recent PR reviews maybe @EthanArbuckle?
Acknowledged, thanks for the ping and PR! We'll review and aim for a new release of TrustKit by EOW.
Hi,
Would it be possible to add the support for pinning certificates with RSA public keys of size 3072 or 1024 bits?
In TrustKit/Pinning/TSKSPKIHashCache.m, something like:
Regards.
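
Added example (not part of the thread and not TrustKit's code): a Python sketch of why the RSA key size matters for an SPKI pin. It assumes the pin is the base64 SHA-256 of the DER SubjectPublicKeyInfo, rebuilt by prepending a size-specific ASN.1 header to the raw PKCS#1 key bytes, and that the public exponent is 65537. All function names and the constructed moduli are hypothetical.

```python
import base64
import hashlib

# AlgorithmIdentifier: rsaEncryption (OID 1.2.840.113549.1.1.1) with NULL parameters
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")

def der_len(n):
    """DER definite-length encoding (short form below 0x80, long form otherwise)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_uint(value):
    """DER INTEGER for a non-negative value; adds 0x00 when the top bit is set."""
    body = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return b"\x02" + der_len(len(body)) + body

def pkcs1_public_key(modulus, exponent=65537):
    """RSAPublicKey ::= SEQUENCE { modulus, publicExponent } (raw key, no SPKI wrapper)."""
    body = der_uint(modulus) + der_uint(exponent)
    return b"\x30" + der_len(len(body)) + body

def spki_header(pkcs1_len):
    """Bytes that precede the PKCS#1 key inside a SubjectPublicKeyInfo."""
    # BIT STRING tag, length (key + 1), then the unused-bits count byte
    bit_string = b"\x03" + der_len(pkcs1_len + 1) + b"\x00"
    outer_len = len(RSA_ALG_ID) + len(bit_string) + pkcs1_len
    return b"\x30" + der_len(outer_len) + RSA_ALG_ID + bit_string

def spki_pin(pkcs1_key):
    """Base64 SHA-256 over header + key, i.e. over the full SubjectPublicKeyInfo."""
    spki = spki_header(len(pkcs1_key)) + pkcs1_key
    return base64.b64encode(hashlib.sha256(spki).digest()).decode()

def constructed_key(bits):
    """Constructed modulus of the given size (top and bottom bit set); not a real key."""
    return pkcs1_public_key((1 << (bits - 1)) | 1)

def header_for_bits(bits):
    return spki_header(len(constructed_key(bits)))

if __name__ == "__main__":
    for bits in (1024, 2048, 3072, 4096):
        print(bits, header_for_bits(bits).hex(), spki_pin(constructed_key(bits)))
```

The header differs for every key size because the DER length fields change, so a pinning library that only knows the 2048- and 4096-bit headers cannot reproduce the SPKI hash of a 3072-bit key.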