search

wymsee / cordova-HTTP

Cordova / Phonegap plugin for communicating with HTTP servers. Allows for SSL pinning!
MIT License
372 stars 301 forks source link

Allow pinning certificates to be added at runtime #119

Open jedrivisser opened 7 years ago

jedrivisser commented 7 years ago

If you have a secure channel to distribute certificates, you can update certificates at runtime. This allows you to rotate expired certificates without having to force users to update their app.

adriaanslabbert commented 7 years ago

A much-needed feature. Please merge.

eclipse-za commented 7 years ago

+1 on this feature!

jedrivisser commented 7 years ago

The ios implementation sets the certs when you enableSSLPinning. This removes all previous set cert. You will need to first enable pinning and then add extra certs after that. That should work

Regards Jedri Visser

On 31 Dec 2016 04:15, "Wilson Young" notifications@github.com wrote:

@jedrivisser https://github.com/jedrivisser Hi, is the certificate pinning working on your iOS device? For me, the addPinningCerts method in your PR works fine, but after enableSSLPinning(true), everything stop working without return any error message. I'm using iOS 10.2. Could you verify that on your device? I'm doubt that the ssl pinning function is totally stop working after iOS 9.3 according to the issue #118 https://github.com/wymsee/cordova-HTTP/issues/118

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/wymsee/cordova-HTTP/pull/119#issuecomment-269843889, or mute the thread https://github.com/notifications/unsubscribe-auth/AEP8pvQnCTAT9sezZAseHMpYM0VHPv7Tks5rNbrXgaJpZM4KmDFA .

yyfearth commented 7 years ago

Thanks, I just figured it out. Not sure if Android version has the same behavior.

Thanks very much

-- Yufan Yang

On Dec 30, 2016, 10:24 PM -0800, Jedri Visser notifications@github.com, wrote:

The ios implementation sets the certs when you enableSSLPinning. This removes all previous set cert. You will need to first enable pinning and then add extra certs after that. That should work

Regards Jedri Visser

On 31 Dec 2016 04:15, "Wilson Young" notifications@github.com wrote:

@jedrivisser https://github.com/jedrivisser Hi, is the certificate pinning working on your iOS device? For me, the addPinningCerts method in your PR works fine, but after enableSSLPinning(true), everything stop working without return any error message. I'm using iOS 10.2. Could you verify that on your device? I'm doubt that the ssl pinning function is totally stop working after iOS 9.3 according to the issue #118 https://github.com/wymsee/cordova-HTTP/issues/118

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/wymsee/cordova-HTTP/pull/119#issuecomment-269843889, or mute the thread https://github.com/notifications/unsubscribe-auth/AEP8pvQnCTAT9sezZAseHMpYM0VHPv7Tks5rNbrXgaJpZM4KmDFA .

— You are receiving this because you commented. Reply to this email directly, view it on GitHub (https://github.com/wymsee/cordova-HTTP/pull/119#issuecomment-269852051), or mute the thread (https://github.com/notifications/unsubscribe-auth/AAk37O5HBHiYhGExK8CXsLJtI2oYwoPEks5rNfUIgaJpZM4KmDFA).