Titanium JIRA Archive
Appcelerator Community (AC)

[AC-5213] appcelerator.https - Invalid certificate accepted if valid certificate was accepted before only for iOS

GitHub Issue: n/a
Type: Bug
Priority: n/a
Status: Resolved
Resolution: Duplicate
Resolution Date: 2017-09-20T15:22:25.000+0000
Affected Version/s: n/a
Fix Version/s: n/a
Components: n/a
Labels: n/a
Reporter: Manasa Chirumamilla
Assignee: Shak Hossain
Created: 2017-09-20T05:04:35.000+0000
Updated: 2017-09-20T15:22:25.000+0000

Description

As per the Appcelerator document Modules.Https, when an invalid secure certificate is passed through the security manager an error "Leaf certificate could not be verified with provided public key" is reported. But this works correctly for the first request only. When passing a valid secure certificate for the first URL request and an invalid certificate for the next URL request to the same domain, the error is not logged. Likewise, if we do not apply a security manager to the first request and apply a valid security certificate to the next request to the same domain, the error is also not logged.

EX:

    var url1 = "http://www.appcelerator.com/";
    var securityManager = https.createX509CertificatePinningSecurityManager([
        {
            url: url1,
            serverCertificate: "appcelerator.com.der",
        }
    ]);
    var httpClient = Ti.Network.createHTTPClient({
        onload: firstSuccess,
        onerror: firstfailure,
        timeout: 5000,
        securityManager: securityManager,
        validatesSecureCertificate: true,
    });
    httpClient.open("GET", url1);
    httpClient.send();

    var url2 = "https://www.appcelerator.com/mobile-app-development-products/";
    var securityManager = https.createX509CertificatePinningSecurityManager([
        {
            url: url2,
            serverCertificate: "google.com.der", // Should not work, because it's pinned to a different domain
        }
    ]);
    var httpClient = Ti.Network.createHTTPClient({
        onload: secondSuccess,
        onerror: secondfailure,
        timeout: 5000,
        securityManager: securityManager,
        validatesSecureCertificate: true,
    });
    httpClient.open("GET", url2);
    httpClient.send();
Now in the above example, for the second request the error method should be called because we are passing the Google certificate to the security manager. But the code directly calls the success method without reporting any errors.

Comments

  1. Hans Knöchel 2017-09-20

    Duplicate of MOD-2355.
