TLS Certificate Validation at runtime (without adding certificate to bundle) #147
This now works, although it is iOS only currently. I would greatly appreciate it if someone could help port this to Android, although I do plan to attack that eventually. You can now properly, and easily, for the first time in react-native land, validate client certificates with ease: `fetch(uri, { cert })` Where :dance:
@erulabs Hi and thanks for the PR :) I have one question: why did you set `allowInvalidCertificates=true`?
Hey @MaxToyberman - I read somewhere (that I cannot find now) that that setting is poorly named, and really means "allowInvalidCACertificates". Since the servers we're speaking to are using self-signed certificates and we do not have the CA for those certificates (only the cert itself), we have to set this flag to true. Either way, with Possibly we could set this to an optional flag for the user - since it's possible they do want to both verify the certificate and the CA chain.
Is there any progress on the Android implementation? 😅
Hello! I wrote a patch to resolve my question at #146 - this patch enables TLS certificate validation at runtime, without the need to pre-bundle the certificate into the app.
Why would someone do this, you ask? Our use-case at https://kubesail.com is home-hosting! Users of the app will have an mDNS `pibox.local` address they can communicate with over their local wifi - we know the certificate that will be presented, but it will be different for each user, and is generated when a user registers! So we need client-cert-validation! We now can hand the cert to the app from our API, and the app can securely connect to the local server with ease! This means ultra fast / secure photo backup for us ❤️ I also noticed this is a fairly requested feature (https://react-native.canny.io/feature-requests/p/support-tls-client-certificate-authentication-in-fetch-api-implementation) - so possibly will bring new users to react-native-ssl-pinning!
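
The comparison this description depends on, as an added Node.js example (not code from this PR or from react-native-ssl-pinning): with CA chain validation off, as with `allowInvalidCertificates=true`, a byte-for-byte match against the certificate handed over by the API is the only thing authenticating the server, so every error path rejects. The names `isPinnedServer`, `pemToDerList` and `toPem` and the sample bytes are assumptions constructed for illustration.

```javascript
// Added example (Node.js, no dependencies). Not react-native-ssl-pinning code.
// With CA chain validation disabled, this comparison is the ONLY thing that
// authenticates the server, so every error path must reject.

const PEM_BLOCK = /-----BEGIN CERTIFICATE-----([\s\S]*?)-----END CERTIFICATE-----/g;

// Decode every CERTIFICATE block in a PEM string to DER bytes.
// Tolerates CRLF and stray whitespace (common after a JSON round trip).
function pemToDerList(pem) {
  if (typeof pem !== 'string') return [];
  const out = [];
  for (const m of pem.matchAll(PEM_BLOCK)) {
    const b64 = m[1].replace(/\s+/g, '');
    // Reject malformed base64 instead of letting Buffer.from skip bad chars.
    if (b64.length === 0 || b64.length % 4 !== 0 || !/^[A-Za-z0-9+/]+={0,2}$/.test(b64)) {
      return []; // one bad block poisons the pin set: fail closed
    }
    out.push(Buffer.from(b64, 'base64'));
  }
  return out;
}

// pinnedPem: certificate(s) handed to the app by the API (hypothetical name).
// presentedLeafDer: DER bytes of the leaf certificate the server presented.
function isPinnedServer(pinnedPem, presentedLeafDer) {
  if (!Buffer.isBuffer(presentedLeafDer) || presentedLeafDer.length === 0) return false;
  const pins = pemToDerList(pinnedPem);
  if (pins.length === 0) return false; // no usable pin means no connection
  return pins.some((pin) => pin.equals(presentedLeafDer));
}

// Constructed sample bytes standing in for two different DER certificates.
function toPem(der) {
  const b64 = der.toString('base64').replace(/(.{64})/g, '$1\r\n');
  return `-----BEGIN CERTIFICATE-----\r\n${b64}\r\n-----END CERTIFICATE-----\r\n`;
}
const deviceCert = Buffer.from('constructed-der-bytes-for-this-users-pibox-'.repeat(3));
const otherCert = Buffer.from('constructed-der-bytes-for-some-other-server-'.repeat(3));

console.log('pinned device accepted:', isPinnedServer(toPem(deviceCert), deviceCert));
console.log('other server accepted: ', isPinnedServer(toPem(deviceCert), otherCert));
```

Passing several PEM blocks in `pinnedPem` accepts any one of them, which leaves room for the API to hand out the next certificate before the device rotates to it.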