Details
-
Improvement
-
Resolution: Done
-
Major
-
None
Description
CBL expects pinned cert to be leaf cert and pinning of any other cert is disallowed. This may not be suitable in all cases. Since the leaf cert is likely to expire much sooner than the intermediary or root cert, it is desirable to support pinning of any cert in the cert chain.
Android's network security configuration also supports this model
Attachments
Issue Links
- relates to
-
CBL-2863 Support matching pinned cert with any server certs in the chain
- Closed