TrustKit-Android icon indicating copy to clipboard operation
TrustKit-Android copied to clipboard

Published 20 hours ago verified publisher icon datatheorem

Wrong public key not blocking the API request.

Open MahaleTushar opened this issue 1 year ago • 0 comments

Describe the bug I have added the wrong public key in network_security_config file, still the API request is working fine. I am using Volley for network request.

`
HurlStack sslHurlStack = new HurlStack() { @Override protected HttpURLConnection createConnection(URL url) throws IOException {

                    HttpsURLConnection httpURLConnection = (HttpsURLConnection) super.createConnection(url);
                    try {
                        httpURLConnection.setSSLSocketFactory(TrustKit.getInstance().getSSLSocketFactory(url.getHost()));
                    } catch (Exception e) {
                    }
                    return httpURLConnection;
                }
            };
            
                RequestQueue mRequestQueue  = Volley.newRequestQueue(context, sslHurlStack);

            `

Expected behavior The API request should fail when the Public key added in network_security_config is incorrect

App details:

  • App target SDK: 32
  • App language: Java
  • Android version to reproduce the bug :12

MahaleTushar avatar May 18 '23 14:05 MahaleTushar