frw/react-native-ssl-public-key-pinning

In iOS SSL pinning is not working

imanshul opened this issue · 1 comments

I've tried, and on iOS, whatever the key may be, the APIs always go through and never throw an error. I've tested the example app as well; in the invalid scenario it always returns success for fetch.

Please check.

[Screenshots: iOS simulator (iPhone 15 Pro), 2024-08-29 16:16:09; Android simulator, 2024-08-29 16:14:09]

frw commented

@imanshul Is this right after you launch the app, or did you successfully fetch first from the domain before attempting to pin?

Please see this note about iOS:
https://github.com/frw/react-native-ssl-public-key-pinning?tab=readme-ov-file#known-issues

On iOS, SSL/TLS sessions are cached. If a connection to your site previously succeeded, setting a pinning configuration that should fail the following request would not actually fail it since the previous session is used. You will need to restart your app to clear out this cache.

Try to restart the app, immediately initialize pinning with the Invalid Example, and then attempt to fetch from google.com.
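
The cold-start check described in the comment above, written as an added example that is not part of the original thread or the library's own code: it pins a host to keys it cannot have, requests it, and refuses to draw a conclusion if the app has already contacted that host since launch. `checkPinningBlocks`, `hostOf`, `touchesHost` and `requestsSoFar` are hypothetical names; the library's `initializeSslPinning` and the app's `fetch` are passed in as arguments.

```javascript
// Added example, not code from the library. The library's initializeSslPinning and
// the app's fetch are passed in so the same function also runs under plain Node.

// Constructed, deliberately wrong pins: base64 for 32 bytes of 0x00 and of 0xFF.
const BOGUS_PINS = ['A'.repeat(43) + '=', '/'.repeat(42) + '8='];

// Host part of an http(s) URL, lower-cased; null if the string is not such a URL.
function hostOf(url) {
  const m = /^https?:\/\/(?:[^/?#@]*@)?([^/:?#]+)/i.exec(url);
  return m ? m[1].toLowerCase() : null;
}

// True if `url` targets `host` or one of its subdomains.
function touchesHost(url, host) {
  const h = hostOf(url);
  return h !== null && (h === host || h.endsWith('.' + host));
}

// Negative test: pin `host` to keys it cannot have, then request it.
// requestsSoFar (hypothetical) lists URLs the app has fetched since launch.
async function checkPinningBlocks({ initializeSslPinning, fetchFn, host, requestsSoFar = [] }) {
  host = host.toLowerCase();
  // A TLS session cached from an earlier connection can be reused on iOS, so a
  // passing request after prior traffic to the host says nothing about pinning.
  const earlier = requestsSoFar.filter((u) => touchesHost(u, host));
  if (earlier.length > 0) {
    return { verdict: 'inconclusive', detail: `restart the app first; already fetched ${earlier[0]}` };
  }
  await initializeSslPinning({
    [host]: { includeSubdomains: true, publicKeyHashes: BOGUS_PINS },
  });
  try {
    await fetchFn(`https://${host}/`);
  } catch (err) {
    // Also reached on a plain network failure, so run this while online.
    return { verdict: 'blocked', detail: String((err && err.message) || err) };
  }
  return { verdict: 'not-blocked', detail: 'request succeeded despite mismatched pins' };
}
```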