by cesarb
4130 days ago
There's another issue with ignoring cert pinning with user-added root certificates: if you add a root certificate that's missing on your client machine (for instance CAcert or your national CA like ICP-Brasil), the CA you added can bypass pinning, even though it shouldn't be able to. On Mozilla, you can configure it to never bypass pinning (security.cert_pinning.enforcement_level set to 2, see https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinn... ); I don't know how to do it on Chrome.
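To make the trade-off in the comment above concrete, here is an added example (not code from the thread, from Mozilla or from any browser) that models pin enforcement against a chain ending in a user-added trust anchor, and audits a Firefox `prefs.js`/`user.js` for the `security.cert_pinning.enforcement_level` preference. The meaning of level 2 (strict) is taken from the comment; the meanings of levels 0 (disabled) and 1 (user-added roots exempt) and the default of 1 are assumptions from the Mozilla wiki it links. All certificates, SPKI bytes and pref lines are constructed test data.

```python
"""Added example: how a user-added root interacts with public-key pinning.

Assumed enforcement levels (Mozilla pref security.cert_pinning.enforcement_level):
  0 = pinning disabled, 1 = user-added roots bypass pins, 2 = strict (no bypass).
"""
import base64
import hashlib
import re
from dataclasses import dataclass

PIN_DISABLED, PIN_ALLOW_USER_MITM, PIN_STRICT = 0, 1, 2
ASSUMED_DEFAULT_LEVEL = PIN_ALLOW_USER_MITM  # assumption: Firefox ships with level 1


@dataclass(frozen=True)
class Cert:
    subject: str
    spki: bytes                   # SubjectPublicKeyInfo; constructed bytes below
    user_added_root: bool = False  # True when the anchor came from the user, not the built-in store


def spki_pin(cert: Cert) -> str:
    """Pin = base64(SHA-256(SPKI)), the format HPKP, Chromium and Firefox use."""
    return base64.b64encode(hashlib.sha256(cert.spki).digest()).decode()


def pins_satisfied(chain, pinset, enforcement_level):
    """Return (ok, reason). chain[0] is the leaf, chain[-1] the trust anchor.

    A chain is accepted when any certificate in it matches a pinned SPKI hash,
    or when the policy exempts it. The exemption is the point of the comment:
    below PIN_STRICT, a user-added root (CAcert, ICP-Brasil, a corporate MITM CA)
    makes the pin check a no-op for everything it signs.
    """
    if enforcement_level == PIN_DISABLED:
        return True, "pinning disabled"
    root = chain[-1]
    if root.user_added_root and enforcement_level < PIN_STRICT:
        return True, "user-added root: pins not enforced"
    if any(spki_pin(c) in pinset for c in chain):
        return True, "pin matched"
    return False, "no certificate in the chain matches the pinset"


# --- constructed test material -------------------------------------------
BUILTIN_ROOT = Cert("Builtin Root CA", b"constructed-spki-builtin-root")
REAL_INTERMEDIATE = Cert("Example Issuing CA", b"constructed-spki-intermediate")
REAL_LEAF = Cert("example.test", b"constructed-spki-leaf")
LEGIT_CHAIN = [REAL_LEAF, REAL_INTERMEDIATE, BUILTIN_ROOT]

USER_ROOT = Cert("Locally Added Root", b"constructed-spki-user-root", user_added_root=True)
MITM_LEAF = Cert("example.test", b"constructed-spki-mitm-leaf")
MITM_CHAIN = [MITM_LEAF, USER_ROOT]  # same hostname, signed by the user-added root

# The site pins its intermediate (plus a backup pin), as a real deployment would.
PINSET = {spki_pin(REAL_INTERMEDIATE), spki_pin(Cert("backup", b"constructed-spki-backup"))}

# --- prefs.js / user.js audit ---------------------------------------------
PREF_RE = re.compile(
    r'user_pref\("security\.cert_pinning\.enforcement_level",\s*(\d)\);')


def enforcement_level_from_prefs(prefs_text, default=ASSUMED_DEFAULT_LEVEL):
    """Last matching user_pref line wins, as in a real prefs file; else the default."""
    level = default
    for m in PREF_RE.finditer(prefs_text):
        level = int(m.group(1))
    return level


def audit_prefs(prefs_text):
    """Report whether pins will hold against a user-added root at this setting."""
    level = enforcement_level_from_prefs(prefs_text)
    ok, reason = pins_satisfied(MITM_CHAIN, PINSET, level)
    return {"level": level, "user_root_bypasses_pins": ok, "reason": reason}


if __name__ == "__main__":
    # Constructed prefs content; a hardened profile sets the level to 2.
    for label, text in [("default profile", ""),
                        ("hardened profile",
                         'user_pref("security.cert_pinning.enforcement_level", 2);\n')]:
        print(label, audit_prefs(text))
```

Running the block shows the default profile reporting `user_root_bypasses_pins: True` for the MITM chain, while the hardened profile (level 2) rejects it; the legitimate chain passes at every level because its intermediate is in the pinset.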