How can I detect certificate errors when attempting to access web content hosted on a HTTPS site with a certificate that would generate browser certificate errors or warnings?
It seems that currently the framework does not even send the HTTP request if the communication channel is not secure (i.e. if SSL is not enforced properly [e.g the validation of the certificate’s chain of trust fails])?
Similarly, what would be the best way to enforce certificate pinning?
Cheers
You can write your own PhoneGap Plugin based on the following SO question:
How to pin the Public key of a certificate on iOS
Here's some background on Pinning from the OWASP:
If you end up writing the plugin, let me know as I'm interested too.
check out this post, which includes a PhoneGap (Build) plugin for certificate pinning, by comparing the server certificate fingerprint with an expected value: http://www.x-services.nl/certificate-pinning-plugin-for-phonegap-to-prevent-man-in-the-middle-attacks/734
