Android Telemetry DigiCert Certificate Pinning #3888
Comments
OkHttp is in the process of moving its pinning support from SHA1 to SHA256. The current version In the interim, I used the latest
02-25 17:37:46.588 26861-27052/com.mapbox.mapboxsdk.testapp E/MapboxEventManager: FlushTheEventsTask borked: java.lang.IllegalArgumentException: pins must start with 'sha1/': sha256/kR9ysyN/lzBl/ecearDERV7qO7xqSN4jt6XuQjIVL0I=
Successfully generated and tested SHA1 and SHA256 pins for the DigiCert with @ianshward tonight. The next step will be to organize these in the dev branch so that they include the SHA1 for Staging, Geotrust, and Digicert. This will enable all 3 options for submitting Telemetry to Mapbox. Will comment out the SHA256 values as they won't be needed until the project upgrades to OkHttp 3.2.0 at the earliest.
I organized the pins to only use SHA1 for Staging, Prod Geotrust, and Prod Digicert for now as Mapbox is using OkHttp 3.1.2. I retested to make sure that Staging and Prod still worked (Geotrust) and they did. I put the SHA256 pins into comments in the source code so that the project can switch to those when OkHttp 3.2.0 is released as SHA256 is the new preference for OkHttp going forward.
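The two pin formats discussed in this thread are the same base64-encoded hash of a certificate's SubjectPublicKeyInfo, differing only in digest and prefix. The sketch below is an added example, not code from the Mapbox SDK or OkHttp; the `PinFormats` class, its `check` helper, the `clientAcceptsSha256` flag and the generated key are assumptions made for illustration. It derives both pins from one key and rejects an unsupported pin before it reaches the HTTP client.

```java
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.util.Base64;

public class PinFormats {
    // A pin is "<prefix>/" + base64(digest(SubjectPublicKeyInfo)), as in the logged sha256/... value.
    static String pin(String prefix, String digestName, PublicKey key) throws Exception {
        byte[] spki = key.getEncoded(); // DER SubjectPublicKeyInfo for standard JCA keys
        byte[] hash = MessageDigest.getInstance(digestName).digest(spki);
        return prefix + "/" + Base64.getEncoder().encodeToString(hash);
    }

    // Hypothetical pre-flight check (not an OkHttp API): fail fast on pins the
    // bundled client cannot parse, and on hashes of the wrong length.
    static void check(String pin, boolean clientAcceptsSha256) {
        int slash = pin.indexOf('/');
        if (slash < 0) throw new IllegalArgumentException("no algorithm prefix: " + pin);
        String alg = pin.substring(0, slash);
        int expectedLen;
        if (alg.equals("sha1")) expectedLen = 20;
        else if (alg.equals("sha256") && clientAcceptsSha256) expectedLen = 32;
        else throw new IllegalArgumentException("unsupported pin type for this client: " + pin);
        byte[] hash = Base64.getDecoder().decode(pin.substring(slash + 1)); // throws on bad base64
        if (hash.length != expectedLen)
            throw new IllegalArgumentException(alg + " pin must decode to " + expectedLen + " bytes: " + pin);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample key; a real pin is computed from the server certificate's public key.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
        gen.initialize(256);
        PublicKey key = gen.generateKeyPair().getPublic();

        String sha1Pin = pin("sha1", "SHA-1", key);
        String sha256Pin = pin("sha256", "SHA-256", key);
        System.out.println(sha1Pin);
        System.out.println(sha256Pin);

        check(sha1Pin, false);   // accepted by a SHA1-only client
        check(sha256Pin, true);  // accepted once the client understands sha256/
        try {
            check(sha256Pin, false); // the situation in the log line above
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Running a check like this over the configured pin list in a unit test surfaces a format mismatch at build time instead of inside the telemetry flush task.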
Rebased, Squashed, and Merged. ☑️
The initial Android Telemetry build out was able to integrate Certificate Pinning for Staging and Production as they both use Geotrust. However, to provide for certificate revocation and fallback it also needs to add support for Prod's Digicert certificate.
Implementing this will require coordination with @ianshward. Will look to schedule ASAP.
/cc @camilleanne @mick