|
|
|
|
|
|
by nlo
3223 days ago
|
|
|
Even with HPKP, many libs/apps behave like Firefox/Chrome in this respect: """
Firefox and Chrome disable pin validation for pinned hosts whose validated certificate chain terminates at a user-defined trust anchor (rather than a built-in trust anchor). This means that for users who imported custom root certificates all pinning violations are ignored. """ https://developer.mozilla.org/en-US/docs/Web/HTTP/Public_Key... |
|
|