Category: pinning

Recently, I’ve been testing the certificate pinning implementation provided by OkHttp using version 4.9.0 + Retrofit 2.9.0, and I’ve noticed that the hash check is not conjunctive but rather disjunctive. According to the example implementation the certificate chain of publicobject.com: Peer certificate chain: sha256/afwiKY3RxoMmLkuRW1l7QsPZTJPwDS2pdDROQjXw8ig=: CN=publicobject.com, OU=PositiveSSL sha256/klO23nT2ehFDXCfx3eHTDRESMz3asj1muO+4aIdjiuY=: CN=COMODO RSA Secure Server CA sha256/grX4Ta9HpZx6tSHkmCrvpApTQGo67CYDnvprLg5yRME=: CN=COMODO RSA ..


We are using the below code for SSL pinning. But, this below class doesn’t throw an exception when we try to establish a network connection using HttpsURLConnection with an expired certificate. Please let us know if there is any issue with this code. import android.content.Context; import java.io.BufferedInputStream; import java.io.InputStream; import java.security.KeyStore; import java.security.SecureRandom; import java.security.cert.Certificate; ..


I followed the recommendations given in the google faq page here https://support.google.com/faqs/answer/7188426 for proper implementation of HostnameVerifier. This is my current implementation: private HostnameVerifier getHostnameVerifier(final URL url) { return new HostnameVerifier() { public boolean verify(String hostname, SSLSession session) { String host_name = " examplesomething.com" if(url.getHost().equals(host_name) && session.getPeerHost().equals(host_name)){ return true; }else{ return false; } } As ..
