certificate-pinning

I'm working with react_native_mqtt and need to implement secure mqtt communication between client and sever

雨燕双飞 提交于 2020-05-30 04:41:52
问题 While connecting to the mqtt server I'm setting useSSL to true. 443 port is being used. I need to use SSL pinning with this call, is setting useSSL flag enough? If not then suggest me the way in which I can use SSL pinning to securely connect with the server. I didn't fine anything related to certificate pinning in the react_native_mqtt library. Also, one of the libraries suggested to connect using node's tls.connect(). If anyone have used this ever please share. Thanks 来源: https:/

Certificate Pinning on UWP

三世轮回 提交于 2020-01-06 05:37:24
问题 We have a Xamarin.Forms project that is currently compiled for Android , iOS and UWP using .NET Standard 2.0 for the shared project. The communications is performed through a WCF Service Contract. In order to pin the certificate we implemented the following code as per examples. This works correctly on Android and iOS after making sure that are using the necessary HttpClient implementations under their project properties. ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

unexpected pyssl certificate error

房东的猫 提交于 2019-12-24 08:37:32
问题 I'm writing a small SSL proxy server and keep getting ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:661) from an android app client but not a browser. I did set ssl.CERT_NONE . Here is my test code: SSLcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) SSLcontext.load_cert_chain('server.crt', 'server.key') SSLcontext.verify_mode = ssl.CERT_NONE SSLcontext.check_hostname = False s = socket.socket() s.bind(('127.0.0.1', 443)) s.listen(5) c = s.accept()

Storing keystore password for certificate pinning in Android

回眸只為那壹抹淺笑 提交于 2019-12-23 04:32:43
问题 I've recently started to learn about security in Android apps and wanted to implement certificate-pinning . Found some useful information by googling around but I stumbled upon storing the keystore password which contains the server certificate. As I can't trust the Android filesystem to keep my keystore password secret, mainly because any rooted user would be able to dig it out eventually, I'm starting to wonder whether if it is really needed to securily store this keystore password or not ,

SSL Certificate Pinning not working anymore on Android 9

风流意气都作罢 提交于 2019-12-07 03:09:43
问题 I'm using the following certificate pinning code which has worked for a while (error handling edited out for brevity's sake): private static SSLContext _ssl_context = null; public static SSLSocketFactory get_ssl_socket_factory(Context context) { if (_ssl_context != null) { return _ssl_context.getSocketFactory(); } KeyStore keystore = get_keystore(context); try { TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509"); tmf.init(keystore); _ssl_context = SSLContext.getInstance("TLS");

SSL Certificate Pinning not working anymore on Android 9

别说谁变了你拦得住时间么 提交于 2019-12-05 05:59:46
I'm using the following certificate pinning code which has worked for a while (error handling edited out for brevity's sake): private static SSLContext _ssl_context = null; public static SSLSocketFactory get_ssl_socket_factory(Context context) { if (_ssl_context != null) { return _ssl_context.getSocketFactory(); } KeyStore keystore = get_keystore(context); try { TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509"); tmf.init(keystore); _ssl_context = SSLContext.getInstance("TLS"); _ssl_context.init(null, tmf.getTrustManagers(), null); return _ssl_context.getSocketFactory(); } catch