Currently, we use code that depends on the X-Cert-Pinning-Signature HTTP header. However, some servers lowercase the values before they send the response, resulting in the x-cert-pinning-signature HTTP header which we later fail to check.
We should lowercase all response headers in the map and compare the lowercase headers.
Currently, we use code that depends on the
X-Cert-Pinning-SignatureHTTP header. However, some servers lowercase the values before they send the response, resulting in thex-cert-pinning-signatureHTTP header which we later fail to check.We should lowercase all response headers in the map and compare the lowercase headers.