Closed AlexTiehuis closed 4 years ago
Hi @AlexTiehuis .. there is a new version since 2 hours !
The certificate in the demo was expired ! see new demo version it should work.
If you dealing with Wildcard
certificate (sub-domaine) you should set the commonName
to *.domaine.com
:
Https.enableSSLPinning({
host: 'mydomain.nl',
commonName: '*.mydomain.nl',
certificate: certificate
});
Hi @kefahB
I installed a new version of the demo app. Below the results:
CONSOLE INFO file:///app/Users/Alex/nativescript/demos/nativescript-https/src/https.ts:35:13: nativescript-https > Disabled SSL pinning by default
CONSOLE LOG Https.request response {
"content": {
"args": {},
"headers": {
"Accept": "*/*",
"Accept-Encoding": "gzip, deflate, br",
"Accept-Language": "en;q=1",
"Host": "httpbin.org",
"User-Agent": "demo/1.0 (iPhone; iOS 13.3; Scale/3.00)",
"X-Amzn-Trace-Id": "Root=1-5e467401-babe92680e48bc285e388914"
},
"origin": "31.161.17.4",
"url": "https://httpbin.org/get"
},
"headers": {
"access-control-allow-credentials": "true",
"Access-Control-Allow-Origin": "*",
"Content-Type": "application/json",
"Content-Length": "360",
"Server": "gunicorn/19.9.0",
"Date": "Fri, 14 Feb 2020 10:18:41 GMT"
},
"statusCode": 200
}
CONSOLE LOG file:///app/Users/Alex/nativescript/demos/nativescript-https/src/nativescript-https/src/https.ts:27:14: nativescript-https > Enabled SSL pinning
CONSOLE LOG file:///app/main-page.ts:85:14: enabled
CONSOLE LOG Https.request response {
"content": {
"body": "",
"description": "nativescript-https > Invalid SSL certificate! Error Domain=NSURLErrorDomain Code=-999 \"cancelled\" UserInfo={NSErrorFailingURLStringKey=https://httpbin.org/get, NSErrorFailingURLKey=https://httpbin.org/get, _NSURLErrorRelatedURLSessionTaskErrorKey=(\n \"LocalDataTask <F29C88B7-A219-4B60-930B-535D4F2F1705>.<1>\"\n), _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <F29C88B7-A219-4B60-930B-535D4F2F1705>.<1>, NSLocalizedDescription=cancelled}",
"reason": "cancelled",
"url": "https://httpbin.org/get"
},
"headers": {},
"reason": "cancelled"
}
Seems correct, however...
CONSOLE LOG file:///app/Users/Alex/nativescript/demos/nativescript-https/src/nativescript-https/src/https.ts:32:14: nativescript-https > Disabled SSL pinning
CONSOLE LOG file:///app/main-page.ts:90:14: disabled
CONSOLE LOG file:///app/Users/Alex/nativescript/demos/nativescript-https/src/nativescript-https/src/https.ts:27:14: nativescript-https > Enabled SSL pinning
CONSOLE LOG file:///app/main-page.ts:78:14: enabled
CONSOLE LOG Https.request response {
"content": {
"body": "",
"description": "nativescript-https > Invalid SSL certificate! Error Domain=NSURLErrorDomain Code=-999 \"cancelled\" UserInfo={NSErrorFailingURLStringKey=https://httpbin.org/get, NSErrorFailingURLKey=https://httpbin.org/get, _NSURLErrorRelatedURLSessionTaskErrorKey=(\n \"LocalDataTask <64B32475-EA6D-414E-A597-3731B2DA1071>.<1>\"\n), _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <64B32475-EA6D-414E-A597-3731B2DA1071>.<1>, NSLocalizedDescription=cancelled}",
"reason": "cancelled",
"url": "https://httpbin.org/get"
},
"headers": {},
"reason": "cancelled"
}
Still Cancelled
a. Is this what you mean by "Once you've enabled SSL pinning you CAN NOT re-enable with a different host or certificate file."? b. Is this version already available? I keep getting version 1.2.2
@AlexTiehuis 1.3.0 is on npm (you can check that on their website), and indeed if you want to toggle pinning on and off with different certs (which you won't do in a real app) you'll need to kill the app in between.
@AlexTiehuis .. just to be sure .. did you add { from: { glob: "assets/*.cer" } }
to your webpack config ??
I just did and now it works as described. Thank you.
I try to use nativescript-https for certificate pinning. Unfortunately to no effect. I downloaded the .cer file as a "DER Encoded Binary X.509 (CER)" file and as a "Base64 encoded X.509 (*.cer)" but keep getting the log message "Invalid SSL certificate!".
I use following code:
(I tried host 'mysubdomain.mydomain.nl' and '*.mydomain.nl' as well, all to no effect.) The request runs into the .then() branch with an "Invalid SSL certificate!" message.
So I installed the demo application. Unfortunately the demo give the same results. After [npm run demo.ios] from the [src] directory, I did following: 1) press the [Httpbin pinning on] button 2) press the [Get Httpbin] button 3) press the [Get Httpbin (large response] button 4) press the [Get Mockbin] button
All [get] buttons lead to "Invalid SSL certificate!" log messages.
What am I missing or doing wrong?