Bug #3336
changing pin fingerprint in fdroid does not trigger any error, warning
Status: | Closed | Start date: | 05/02/2014 | |
---|---|---|---|---|
Priority: | Normal | Due date: | ||
Assignee: | pd0x | % Done: | 0% | |
Category: | - | |||
Target version: | improved security/usability | |||
Component: |
Description
If I change the fingerprint of the SPKI in `FDroidCertPins.java`, then run the update, this does not cause any error or warning, and FDroid happily updates from https://f-droid.org. That does not seem like the right behavior to me since a pin should represent the sole valid private key for that domain.
Related issues
History
#1 Updated by hans over 3 years ago
- Status changed from New to Closed
AndroidPinning has been removed from the FDroid app for now until it is more stable. A change in the f-droid.org certificate caused AndroidPinning to mark it as invalid, even though browsers think it is fine. I'm going to close this in favor of moving activity to this bug report: