Hi,
I am setting ssl pinning config for my app, i am using network_security_config:
<?xml version="1.0" encoding="utf-8"?>
mydomain.com
KeyValue
This my androidManifest.xml:
<?xml version="1.0" encoding="utf-8"?>
network_security_config on my android isn’t work, i tried to set pin digest values with wrong value but api part still pass (if network_security_config is work, API part will fail and get ssl error).
On IOS, I tested with ssl pinning and everythings work fine, when i set correct key ssl pinning → API part works well and when i set wrong key ssl pinning → API part get ssl error (This proves that the SSL server is correct)
I don’t know what problem cause network_security_config on android isn’t work.
Hope anyone help me resolve this! Thanks.
I checked document
I guess it always bypass and it don’t apply network_security_config when i don’t set UnityWebReqeust.certificateHandler (it mean it will be null).
I can’t use UnityWebReqeust.certificateHandler because it only callback leaf certificate by
CertificateHandler.ValidateCertificate (Unity - Scripting API: Networking.CertificateHandler.ValidateCertificate) but i need to callback root certificate to check valid certificate.
How can i callback root certificate when call UnityWebRequest or network_security_config apply into unityWebRequest to check ssl pinning?
The network_security_config file in Android is used to configure network security settings if they will not work properly so there could be a few reasons for this.
Here are given troubleshooting steps:
- Need to Check Configuration
- Manifest Integration
- Debugging:
- Clear Text Traffic
- Device Configuration
- SSL Certificates
- Network Permissions
- Android Version Compatibility