How does OkHttp handle non-matching domains with cert pinning?


Let's say I pin a cert for a specific domain:

CertificatePinner certPinner = new CertificatePinner.Builder()
    .add("*.domain1.com", CertificatePinner.pin(...))
    .build();

OkHttpClient client = new OkHttpClient.Builder()
    .certificatePinner(certPinner)
    .build();

How does OkHttp handle requests to other domains (e.g. api.domain2.com)?

  • "No matching cert, no bueno --> SecurityException"

  • "No matching cert, no problemo ++ --> completes request"

++ provided domain2's cert is still signed by a C.A. listed in the OS-level list of trusted authorities.


1 Answer

Jesse Wilson
  • "No matching cert, no problemo ++ --> completes request"

Certificate pinning adds a constraint for matching hosts only.
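The scoping rule in this answer can be checked without any network traffic, because `CertificatePinner.check(hostname, peerCertificates)` is the same method OkHttp calls during the TLS handshake. The following is an added example (not code from the asker, from Jesse Wilson, or from the OkHttp project) that assumes OkHttp 3.x or 4.x on the classpath; the pin value is a constructed dummy (base64 of 32 zero bytes) that will never match a real certificate, which is exactly what makes the behaviour on the two hosts visible:

```java
import java.security.cert.Certificate;
import java.util.Collections;
import java.util.List;
import javax.net.ssl.SSLPeerUnverifiedException;
import okhttp3.CertificatePinner;

public class PinScopeDemo {
    // Constructed dummy pin: base64 of 32 zero bytes, syntactically valid but
    // matching no real key. A real pin is the SHA-256 of the certificate's
    // Subject Public Key Info, typically obtained with CertificatePinner.pin(cert).
    static final String DUMMY_PIN = "sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";

    // Same pattern as in the question: one label under domain1.com is pinned,
    // nothing else is.
    static final CertificatePinner PINNER = new CertificatePinner.Builder()
            .add("*.domain1.com", DUMMY_PIN)
            .build();

    /**
     * Runs the pinner's own check for a host against a presented chain.
     * Returns true when the pinner lets the connection proceed, false when it
     * rejects it. OkHttp signals rejection with SSLPeerUnverifiedException,
     * not SecurityException.
     */
    static boolean pinnerAccepts(String host, List<Certificate> chain) {
        try {
            PINNER.check(host, chain);
            return true;
        } catch (SSLPeerUnverifiedException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // An empty chain stands in for "a chain that matches no pin".
        List<Certificate> noChain = Collections.emptyList();

        // Host matches "*.domain1.com": pins exist for it, none match -> rejected.
        System.out.println("api.domain1.com accepted: "
                + pinnerAccepts("api.domain1.com", noChain));

        // Host matches no pattern: check() returns before looking at the chain.
        System.out.println("api.domain2.com accepted: "
                + pinnerAccepts("api.domain2.com", noChain));
    }
}
```

Running it prints `false` for api.domain1.com and `true` for api.domain2.com: when `findMatchingPins` yields nothing for a host, `check` returns immediately, so the pinner neither accepts nor rejects the chain for that host. The request to api.domain2.com is then governed only by the client's ordinary TLS validation (hostname verification plus the platform trust store), which is the "++" condition in the question. The practical consequence for anyone relying on pinning as a defence is that every host the app must protect needs its own pattern; a host without one is silently left at the baseline trust level, and nothing in OkHttp warns about it.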