react-native-app-security
Clarification on the Requirement for Two Certificate Hashes in SSL Pinning
Hi,
I noticed that the @bam.tech/react-native-app-security library requires two certificate hashes for SSL pinning, as shown in the example configuration below:
"@bam.tech/react-native-app-security": {
  "sslPinning": {
    "yahoo.com": [
      "TQEtdMbmwFgYUifM4LDF+xgEtd0z69mPGmkp014d6ZY=",
      "rFjc3wG7lTZe43zeYTvPq8k4xdDEutCmIhI5dn4oCeE="
    ]
  }
}
Could you please provide some clarification on why two certificate hashes are required for each pinned hostname? What specific security benefits or use cases does this approach address?
Additionally, are there any guidelines or best practices recommended for providing multiple hashes?
Thank you for your assistance.