[
https://issues.apache.org/jira/browse/CB-3498?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13973637#comment-13973637
]
Jacob Weber commented on CB-3498:
---------------------------------
Just wondering if there's any work happening on this. I saw some discussion on
the mailing list a while ago, but nothing else. I need to add pinning support
to my app, and I'm wondering if I should wait for an "official" plugin, or go
for something like
[this|https://github.com/EddyVerbruggen/SSLCertificateChecker-PhoneGap-Plugin].
And an additional feature request, if this gets done: would it be possible to
have a JS hook to add valid certificates? I'm thinking of a scenario where you
have one pinned self-signed cert initially. You use that to make an AJAX call
to a server that you control, which returns a list of other valid certs, for
servers that your app will connect to. That way you can update the certs your
app can use, without forcing users to update the app. And since your pinned
cert is self-signed, you can make it valid for a long time. Would this make
sense (and be secure)?
> Certificate Pinning
> -------------------
>
> Key: CB-3498
> URL: https://issues.apache.org/jira/browse/CB-3498
> Project: Apache Cordova
> Issue Type: Wish
> Components: Android, iOS
> Affects Versions: 2.7.0
> Reporter: mgill
> Priority: Minor
> Labels: certificate, security
>
> It would be a handy feature to have certificate pinning supported
> Examples:
> https://github.com/iSECPartners/ssl-conservatory/tree/master/ios
> https://github.com/moxie0/AndroidPinning
--
This message was sent by Atlassian JIRA
(v6.2#6252)
