TrustKit-Android

Enforce pinning not respected in Android 5.0

Open polivmi1 opened this issue 5 years ago • 0 comments

Describe the bug

When using TrustKit on a 5.0 device, I am getting javax.net.ssl.SSLHandshakeException: Certificate validation failed for ... When checking the log, it has the correct parameters:

E/CERT ERROR: "include-subdomains": false,
E/CERT ERROR: "enforce-pinning": false,
E/CERT ERROR: "validation-result": 2,

These are respected on Android 8.0. The CERT ERROR "validated-certificate-chain" contains the correct certificate, the one that is in the XML file, and "served-certificate-chain" is also the same. The known-pins are also correct.

To Reproduce

I can only reproduce on the 5.0 device; it works correctly in the emulator. I am not including the domain, because it is accessible only on a private network.

Expected behavior

It shouldn't fail, and if it fails, it shouldn't block the traffic with enforce-pinning set to false (works well on other devices).

TrustKit configuration

domain.com
  f3n+wu1f9Z4QvyZZAItVF55NNBJpDFf8f68P/uLyRHA=
  BnGNbPrwbfsIyAu+IjeZ/nAOloLMEVQXNAyQse4u/nA=
subdomain.domain.com
  KZOAUwc92hHmVhuD8TaDaMp3yLKF1Y6vaurRigRS8w8=
  EjGCjEFfzshXkT1QHH0fVfCjhy5CqZkB3TxXYRrokUI=

App details:

  • App target SDK: 28
  • App language: Java
  • Android version to reproduce the bug: 5.0

polivmi1, Oct 08 '19 15:10
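When triaging a report like this one, it helps to recompute the served chain's pins and compare them with the known pins, and to record separately whether the platform trusted the chain at all. The following is an added example for a desktop JVM, not code from the issue or from TrustKit; `PinCheckDemo`, `spkiPin`, `decide` and `Outcome` are hypothetical names, the keys are generated stand-ins for a served chain, and the decision model in `decide` is an assumption.

```java
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

public class PinCheckDemo {
    enum Outcome { ALLOW, ALLOW_AND_REPORT, BLOCK }

    // Pin format: base64(SHA-256(SubjectPublicKeyInfo)).
    // For standard JCA keys, PublicKey.getEncoded() returns the DER-encoded SPKI.
    static String spkiPin(PublicKey key) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(key.getEncoded());
        return Base64.getEncoder().encodeToString(digest);
    }

    // ASSUMED decision model (not TrustKit's implementation): platform chain
    // trust is a separate gate from pin matching, and the enforce flag only
    // decides what happens on a pin mismatch.
    static Outcome decide(boolean chainTrusted, List<String> servedPins,
                          Set<String> knownPins, boolean enforcePinning) {
        if (!chainTrusted) return Outcome.BLOCK;
        for (String pin : servedPins) {
            if (knownPins.contains(pin)) return Outcome.ALLOW;
        }
        return enforcePinning ? Outcome.BLOCK : Outcome.ALLOW_AND_REPORT;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        // Constructed keys standing in for a served chain and a rotated key.
        PublicKey leaf = gen.generateKeyPair().getPublic();
        PublicKey intermediate = gen.generateKeyPair().getPublic();
        PublicKey rotated = gen.generateKeyPair().getPublic();

        List<String> served = Arrays.asList(spkiPin(leaf), spkiPin(intermediate));
        Set<String> matching = new HashSet<>(Arrays.asList(spkiPin(intermediate)));
        Set<String> stale = new HashSet<>(Arrays.asList(spkiPin(rotated)));

        System.out.println("served pins: " + served);
        System.out.println("trusted, pin match:          " + decide(true, served, matching, false));
        System.out.println("trusted, mismatch, report:   " + decide(true, served, stale, false));
        System.out.println("trusted, mismatch, enforce:  " + decide(true, served, stale, true));
        System.out.println("untrusted chain, pin match:  " + decide(false, served, matching, false));
    }
}
```

On Android below API 26, `java.util.Base64` is unavailable and `android.util.Base64` would be used instead.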