Add SSL pinning as an option for debug
mgolokhov opened this issue · 1 comments
mgolokhov commented
For the current firebase hosting to extract a public key, we can use
https://www.ssllabs.com/ssltest/analyze.html?d=dodroid-6f241.web.app
Result for Leaf (middle?) certificate:
Fingerprint SHA256: 9fc0534b29a50895179dc794f85cf994a6354594d2c41ced5441a8c9c7abe5b9
Pin SHA256: fm0SEuAdUu/JvjeuKT5rUTGp5XibsNski/y43V5JSY8=
Root certificate (GTS CA 1O1):
Fingerprint SHA256: 95c074e35902a14abd9d19afb6e7f80e669ff8e2363270539d963613f04aaa21Pin SHA256: YZPgTZ+woNCCCIW3LH2CxQeLzB/1m42QcCTBSdgayjs=
Great article for reading:
https://medium.com/@appmattus/android-security-ssl-pinning-1db8acb6621e