Bug #3336: changing pin fingerprint in fdroid does not trigger any error, warning - Bazaar - Guardian Project Dev (ARCHIVED SITE)

Copy

Bug #3336

changing pin fingerprint in fdroid does not trigger any error, warning

Added by hans over 3 years ago. Updated over 3 years ago.

Status:

Closed

Start date:

05/02/2014

Priority:

Normal

Due date:

Assignee:

pd0x

% Done:

Category:

Target version:

improved security/usability

Component:

Description

If I change the fingerprint of the SPKI in `FDroidCertPins.java`, then run the update, this does not cause any error or warning, and FDroid happily updates from https://f-droid.org. That does not seem like the right behavior to me since a pin should represent the sole valid private key for that domain.

Related issues

History

#1 Updated by hans over 3 years ago

Status changed from New to Closed

AndroidPinning has been removed from the FDroid app for now until it is more stable. A change in the f-droid.org certificate caused AndroidPinning to mark it as invalid, even though browsers think it is fine. I'm going to close this in favor of moving activity to this bug report:

https://gitlab.com/fdroid/fdroidclient/issues/80

Copy

Also available in: Atom PDF

	Related to Bazaar - Task #2896: write tests for F-Droid HTTPS chain verifier	Closed	01/22/2014
	Related to Bazaar - Task #3309: add relevant HTTPS cert pins to FDroidCertPins	Closed	04/26/2014

Core Apps » Bazaar

Issues

Custom queries

Bug #3336

changing pin fingerprint in fdroid does not trigger any error, warning

History

#1 Updated by hans over 3 years ago