Using includeHost() could be error prone
Closed issue · 1 comment
mattmook commented
Raised by @saran2020 and moved from babylonhealth/certificate-transparency-android#70
When setting up this library, it's mandatory to set at least one host to set CT for. Now let's say we have a wrongly configured host name (could be a wrong regex or a typo) in includeHost(). This will cause enabledForCertificateTransparency(String) to fail and thus return a success (VerificationResult.Success.DisabledForHost).
E.g.:

```kotlin
// Fragment of an OkHttpClient.Builder configuration
.hostnameVerifier(certificateTransparencyHostnameVerifier(OkHostnameVerifier.INSTANCE) {
    +"github.con" // wrong hostname: ".con" typed by mistake instead of ".com"
})
```
Will cause all the calls to github.com to succeed.
Suggestion to resolve
- Make the default CT enabled for all the hosts.
This way people with the basic use case do not need to do additional configuration, thus mitigating the issue.
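The failure mode above (a mistyped includeHost() pattern that silently leaves the real host without CT enforcement) can be caught before deployment by cross-checking the configured patterns against the hosts the application actually talks to. The following is an added example, not code from the issue or from the certificate-transparency library; it is written in Python as a standalone configuration self-check. The matching rule it uses is an assumption for illustration (an exact hostname, or a `*.suffix` wildcard covering any subdomain of `suffix`) and is not the library's own matcher.

```python
# Added example (not part of the original issue or the library): a configuration
# self-check for the failure mode described above, where a typo in an
# includeHost() pattern leaves the intended host without CT enforcement
# (the library reports Success.DisabledForHost instead of verifying).
#
# Matching rule here is an assumption for illustration: a pattern is either an
# exact hostname or a "*.suffix" wildcard covering any subdomain of suffix.


def host_matches(pattern: str, host: str) -> bool:
    """Return True if `host` is covered by `pattern` (case-insensitive)."""
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]  # e.g. ".example.com"
        # Any subdomain of the suffix matches; the bare apex host does not.
        return host.endswith(suffix) and host != suffix[1:]
    return pattern == host


def check_ct_coverage(include_hosts, intended_hosts):
    """Compare configured includeHost() patterns with the hosts the app uses.

    Returns (uncovered_hosts, unused_patterns):
      uncovered_hosts  - intended hosts matched by no pattern; connections to
                         them would proceed without CT verification
      unused_patterns  - patterns matching none of the intended hosts, which
                         usually indicates a typo such as "github.con"
    """
    uncovered = sorted(
        h for h in intended_hosts
        if not any(host_matches(p, h) for p in include_hosts)
    )
    unused = sorted(
        p for p in include_hosts
        if not any(host_matches(p, h) for h in intended_hosts)
    )
    return uncovered, unused


# Constructed sample configuration reproducing the typo from the report.
CONFIGURED = ["github.con", "*.example.com"]  # ".con" instead of ".com"
INTENDED = ["github.com", "api.example.com", "example.com"]

if __name__ == "__main__":
    uncovered, unused = check_ct_coverage(CONFIGURED, INTENDED)
    for h in uncovered:
        print(f"WARNING: {h} is not covered by any includeHost() pattern")
    for p in unused:
        print(f"WARNING: pattern {p!r} matches none of the intended hosts (typo?)")
```

Run as a unit test or a startup assertion: a non-empty `uncovered` list means some traffic would bypass CT checks, and a non-empty `unused` list points directly at the mistyped pattern. Note that under the assumed rule `*.example.com` does not cover the apex `example.com`, so the apex must be listed separately.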
mattmook commented
Yes, I agree this is a very good point; it would certainly remove any doubt that it's working as expected.