{ "id": "169646", "key": "MOD-2355", "fields": { "issuetype": { "id": "1", "description": "A problem which impairs or prevents the functions of the product.", "name": "Bug", "subtask": false }, "project": { "id": "10034", "key": "MOD", "name": "Appcelerator Modules", "projectCategory": { "id": "10100", "description": "Titanium and related SDKs used in application development", "name": "Client" } }, "fixVersions": [], "resolution": null, "resolutiondate": null, "created": "2017-08-28T06:17:36.000+0000", "priority": { "name": "Critical", "id": "1" }, "labels": [], "versions": [], "issuelinks": [], "assignee": { "name": "hknoechel", "key": "hansknoechel", "displayName": "Hans Knöchel", "active": true, "timeZone": "Europe/Berlin" }, "updated": "2018-06-22T12:35:03.000+0000", "status": { "description": "This issue was once resolved, but the resolution was deemed incorrect. From here issues are either marked assigned or resolved.", "name": "Reopened", "id": "4", "statusCategory": { "id": 2, "key": "new", "colorName": "blue-gray", "name": "To Do" } }, "components": [ { "id": "15019", "name": "Https" } ], "description": "As per the appcelerator document Modules.Https, when an invalid secure certificate is passed through the security manager an error \"Leaf certificate could not be verified with provided public key\" is reported. But this is working fine with the first request only\r\n\r\nWhen passing the valid secure certificate for the first URL request and an invalid certificate for the next URL request of the same domain the error isn't been logged. Or if we didn't apply the security manager for the first request and apply the valid security certificate to the next request of the same domain then also error isn't been logged.\r\n\r\nEX:\r\n{code:js}\r\nvar url1 = \"http://www.appcelerator.com/\";\r\n var securityManager = https.createX509CertificatePinningSecurityManager([\r\n {\r\n url: url1,\r\n serverCertificate: \"appcelerator.com.der\",\r\n }\r\n]);\r\n var httpClient = Ti.Network.createHTTPClient({\r\n onload: firstSuccess,\r\n onerror: firstfailure,\r\n timeout : 5000,\r\n securityManager: securityManager,\r\n validatesSecureCertificate : true,\r\n });\r\nhttpClient.open(\"GET\", url1); \r\nhttpClient.send();\r\n\r\nvar url2 = \"https://www.appcelerator.com/mobile-app-development-products/\";\r\n var securityManager = https.createX509CertificatePinningSecurityManager([\r\n {\r\n url: url2,\r\n serverCertificate: \"google.com.der\", // Should not work, because it's pinned to a different domain\r\n }\r\n]);\r\n var httpClient = Ti.Network.createHTTPClient({\r\n onload: secondSuccess,\r\n onerror: secondfailure,\r\n timeout : 5000,\r\n securityManager: securityManager,\r\n validatesSecureCertificate : true,\r\n });\r\nhttpClient.open(\"GET\", url2); \r\nhttpClient.send();\r\n{code}\r\n\r\nNow in the above example for the second request error method should be called because we are passing google certificate to the security manager. But in the code it is directly calling success method with out reporting any errors.", "attachment": [], "flagged": false, "summary": "appcelerator.https - Invalid certificate accepted if valid certificate was accepted before", "creator": { "name": "Manasa.chirumamilla", "key": "manasa.chirumamilla", "displayName": "Manasa Chirumamilla", "active": true, "timeZone": "America/Los_Angeles" }, "subtasks": [], "reporter": { "name": "Manasa.chirumamilla", "key": "manasa.chirumamilla", "displayName": "Manasa Chirumamilla", "active": true, "timeZone": "America/Los_Angeles" }, "environment": "Appcelerator studio: 4.8.2\r\nSDK: 5.5.0\r\nmacOS: 10.12.2\r\nappcelerator.https: 2.0.2", "closedSprints": [ { "id": 978, "state": "closed", "name": "2017 Sprint 25 SDK", "startDate": "2017-12-03T23:22:15.144Z", "endDate": "2017-12-17T23:22:00.000Z", "completeDate": "2017-12-18T22:32:02.770Z", "originBoardId": 114 }, { "id": 963, "state": "closed", "name": "2017 Sprint 22 SDK", "startDate": "2017-10-22T21:43:59.523Z", "endDate": "2017-11-05T22:43:00.000Z", "completeDate": "2017-11-06T16:33:42.425Z", "originBoardId": 114 }, { "id": 948, "state": "closed", "name": "2017 Sprint 19 SDK", "startDate": "2017-09-10T21:24:51.562Z", "endDate": "2017-09-24T21:24:00.000Z", "completeDate": "2017-09-25T17:49:27.460Z", "originBoardId": 114 }, { "id": 997, "state": "closed", "name": "2018 Sprint 03 SDK", "startDate": "2018-01-28T16:23:12.178Z", "endDate": "2018-02-11T16:23:00.000Z", "completeDate": "2018-02-12T04:22:49.354Z", "originBoardId": 114 }, { "id": 951, "state": "closed", "name": "2017 Sprint 20 SDK", "startDate": "2017-09-24T17:50:18.277Z", "endDate": "2017-10-08T17:50:00.000Z", "completeDate": "2017-10-09T20:38:07.840Z", "originBoardId": 114 }, { "id": 968, "state": "closed", "name": "2017 Sprint 23 SDK", "startDate": "2017-11-05T16:37:25.071Z", "endDate": "2017-11-19T16:37:00.000Z", "completeDate": "2017-11-20T18:57:56.565Z", "originBoardId": 114 }, { "id": 984, "state": "closed", "name": "2017 Sprint 26 SDK", "startDate": "2017-12-17T22:34:59.726Z", "endDate": "2017-12-31T22:34:00.000Z", "completeDate": "2018-01-02T16:57:05.655Z", "originBoardId": 114 }, { "id": 985, "state": "closed", "name": "2018 Sprint 01 SDK", "startDate": "2017-12-31T16:58:54.631Z", "endDate": "2018-01-14T16:58:00.000Z", "completeDate": "2018-01-17T22:44:27.028Z", "originBoardId": 114 }, { "id": 990, "state": "closed", "name": "2018 Sprint 02 SDK", "startDate": "2018-01-14T22:48:43.544Z", "endDate": "2018-01-28T22:48:00.000Z", "completeDate": "2018-01-29T16:22:42.911Z", "originBoardId": 114 }, { "id": 959, "state": "closed", "name": "2017 Sprint 21 SDK", "startDate": "2017-10-08T20:38:15.130Z", "endDate": "2017-10-22T20:38:00.000Z", "completeDate": "2017-10-24T23:55:56.605Z", "originBoardId": 114 }, { "id": 975, "state": "closed", "name": "2017 Sprint 24 SDK", "startDate": "2017-11-19T18:59:24.352Z", "endDate": "2017-12-03T18:59:00.000Z", "completeDate": "2017-12-04T23:20:14.151Z", "originBoardId": 114 }, { "id": 944, "state": "closed", "name": "2017 Sprint 18 SDK", "startDate": "2017-08-27T21:13:39.311Z", "endDate": "2017-09-10T21:13:00.000Z", "completeDate": "2017-09-10T21:24:16.435Z", "originBoardId": 114 } ], "comment": { "comments": [ { "id": "427302", "author": { "name": "Manasa.chirumamilla", "key": "manasa.chirumamilla", "displayName": "Manasa Chirumamilla", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Hello Appcelerator Team, Can you please help us on the issue which needs to be fixed ASAP.\r\n", "updateAuthor": { "name": "Manasa.chirumamilla", "key": "manasa.chirumamilla", "displayName": "Manasa Chirumamilla", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2017-08-28T10:49:29.000+0000", "updated": "2017-08-28T10:49:29.000+0000" }, { "id": "427391", "author": { "name": "hknoechel", "key": "hansknoechel", "displayName": "Hans Knöchel", "active": true, "timeZone": "Europe/Berlin" }, "body": "Hey [~Manasa.chirumamilla], I just moved your issue and renamed some details to match your ticket description. We will take a look this week, but I think there was something related before that was caused by Apple / iOS caching the certificate once it's provided. Let me get bock to you later!\r\n\r\n*EDIT*: Your issue does not indicate you are using iOS, but it does indicate that you are using version 2.0.2, which could also be the Android module. Can you confirm this is happening on Android or iOS only?", "updateAuthor": { "name": "hknoechel", "key": "hansknoechel", "displayName": "Hans Knöchel", "active": true, "timeZone": "Europe/Berlin" }, "created": "2017-08-30T06:48:05.000+0000", "updated": "2017-08-30T06:51:51.000+0000" }, { "id": "427393", "author": { "name": "Manasa.chirumamilla", "key": "manasa.chirumamilla", "displayName": "Manasa Chirumamilla", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Hello [~Hans Knochel] Thank you for your response in this, Version - 2.0.2 is working fine for Android but the issue is with iOS only. However, we need support for lower SDK's(from 3.5.x) in Android because our application uses 3.5.x in Android, If we upgrade now there are some issues, so kindly accept my request and give the support for lower SDK's as well. ", "updateAuthor": { "name": "Manasa.chirumamilla", "key": "manasa.chirumamilla", "displayName": "Manasa Chirumamilla", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2017-08-30T07:40:48.000+0000", "updated": "2017-08-30T07:40:48.000+0000" }, { "id": "427800", "author": { "name": "hknoechel", "key": "hansknoechel", "displayName": "Hans Knöchel", "active": true, "timeZone": "Europe/Berlin" }, "body": "Hey Manasa, I am sorry but we cannot offer updates to SDK's that reached end of support. You may instead resolve the issues from 3.x incrementally and move to 6.x, as it also includes major improvements and bugfixes especially for Android. ", "updateAuthor": { "name": "hknoechel", "key": "hansknoechel", "displayName": "Hans Knöchel", "active": true, "timeZone": "Europe/Berlin" }, "created": "2017-09-12T15:15:59.000+0000", "updated": "2017-09-12T15:15:59.000+0000" }, { "id": "427823", "author": { "name": "Manasa.chirumamilla", "key": "manasa.chirumamilla", "displayName": "Manasa Chirumamilla", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Hello Hans, thanks for your update on Android SDK's we will update our application to the latest SDK in Android. Can you please provide the updated module(appcelerator.https) of iOS with the raised bug fix, so that it would be helpful a lot.\r\n", "updateAuthor": { "name": "Manasa.chirumamilla", "key": "manasa.chirumamilla", "displayName": "Manasa Chirumamilla", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2017-09-13T05:25:38.000+0000", "updated": "2017-09-13T05:25:38.000+0000" }, { "id": "427918", "author": { "name": "Manasa.chirumamilla", "key": "manasa.chirumamilla", "displayName": "Manasa Chirumamilla", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Hello Appcelerator Team, Please provide the iOS appcelerator.https module in which the raised bug has been fixed as we have been waiting a fix for this, as it is serious security issue in our application.", "updateAuthor": { "name": "Manasa.chirumamilla", "key": "manasa.chirumamilla", "displayName": "Manasa Chirumamilla", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2017-09-15T06:22:15.000+0000", "updated": "2017-09-15T06:22:15.000+0000" }, { "id": "428166", "author": { "name": "hknoechel", "key": "hansknoechel", "displayName": "Hans Knöchel", "active": true, "timeZone": "Europe/Berlin" }, "body": "Reopening to investigate, but please do not open duplicate tickets. That will rather result in the opposite reaction. \r\n\r\nSo the latest iOS version did not work? The comment from August 30 does not make sense as you are talking about different iOS and Android versions that seem to be unrelated to this ticket. Please let us know which exact *iOS module version* you are using - the latest is 1.1.4 (your ticket says 2.0.2).", "updateAuthor": { "name": "hknoechel", "key": "hansknoechel", "displayName": "Hans Knöchel", "active": true, "timeZone": "Europe/Berlin" }, "created": "2017-09-20T15:25:10.000+0000", "updated": "2017-09-20T15:25:19.000+0000" }, { "id": "428208", "author": { "name": "Manasa.chirumamilla", "key": "manasa.chirumamilla", "displayName": "Manasa Chirumamilla", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Hello Hans, I have checked the iOS module for both the versions(1.1.4,2.0.2), both are having the same issue. ", "updateAuthor": { "name": "Manasa.chirumamilla", "key": "manasa.chirumamilla", "displayName": "Manasa Chirumamilla", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2017-09-21T04:38:35.000+0000", "updated": "2017-09-21T04:38:35.000+0000" }, { "id": "438633", "author": { "name": "sdarda", "key": "sdarda", "displayName": "Sharif AbuDarda", "active": false, "timeZone": "Asia/Dhaka" }, "body": "Hello, The example app comes with the module is having the error \"Certificate could not be verified with provided public key\". Tested with the SDK 7.1.1.GA and both iOS and Android platform. Both the latest module version, Android 3.0.0 and iOS 2.3.0. As noted \r\n\r\n\"The second URL, https://www.wellsfargo.com, is pinned to the public key in the X.509 certificate in the file named wellsfargo.cer. This is configured correctly. Connections to https://www.wellsfargo.com must succeed.\"\r\n\r\nBut it does not. Clicking on \"Load wellsfargo\" shows \"onerror called : Request failed. Log shows \"Certificate could not be verified with provided public key\". \r\n\r\nThanks.\r\n", "updateAuthor": { "name": "sdarda", "key": "sdarda", "displayName": "Sharif AbuDarda", "active": false, "timeZone": "Asia/Dhaka" }, "created": "2018-06-22T12:35:03.000+0000", "updated": "2018-06-22T12:35:03.000+0000" } ], "maxResults": 9, "total": 9, "startAt": 0 } } }