pinnedCertificates() breaks the Countly connection (Android)

[km4r]

After the SDK update (23.10.0 -> 24.4.1) I don't see any new data in Countly coming from Android devices. I found out it's due to the
Countly.pinnedCertificates('count.ly.cer'); usage, however on SDK 23.10.0 the same config works fine.

Notes:

• Certificate is valid for sure
• reproducible only in the Release Mode on Android - in Debug Mode I haven't noticed any issues
• checked also with previous SDK versions (23.12.0 and 24.4.0) - the same issue there
• React Native version: 0.74.1
• no issues on iOS

[turtledreams]

Hi @km4r , I have tested this with latest version and it is working fine for me in release mode. Can you specify what error you are seeing? After enabling SDK logs you can see what is the issue from Android Studio's logcat. Also where/when you are calling pinnedCertificates, where did you save the certificate and such.

[km4r]

Hi @turtledreams

1. Here is the error from Logcat:

2. I call pinnedCertificates right before the Countly init in the App.tsx file like this:

  useEffect(() => {

    ...

    (async () => {

     ...

      if (!(await Countly.isInitialized())) {
        Countly.pinnedCertificates('count.ly.cer');
        const countlyConfig = new CountlyConfig('COUNTLY_URL', 'COUNTLY_API');
        await Countly.initWithConfig(countlyConfig);
      }
    })();
  }, []);

3. The count.ly.cer file is saved in android/app/src/main/assets/

[turtledreams]

Hi @km4r , sorry for the delay. The way you provide the certificate seems correct. The ssl pinning code has not changed for quite a while so we think it should not be dependent on the sdk version change.
The error indicates an issue regarding subdomains. Did you set up a network security config for including subdomains? If that is the case there is no support for that currently. Will need to create a branch for it for you to test.

[km4r]

Thanks @turtledreams, do you mean this Android config?

<network-security-config>
    <base-config>
        <trust-anchors>
            <certificates src="user"/>
            <certificates src="system"/>
        </trust-anchors>
    </base-config>
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="true">10.0.2.2</domain>
        <domain includeSubdomains="true">localhost</domain>
    </domain-config>
</network-security-config>

For now it looks like this - no specific config for the Countly Server there. Does the Countly.pinnedCertificates() method require an additional config somewhere else?

[turtledreams]

Hi @km4r. I created a new branch for you. Can you try building with it and let me know if it works: https://github.com/Countly/countly-sdk-react-native-bridge/tree/androidn-pinned

[km4r]

Thank you @turtledreams, looks like the issue is fixed on the branch you provided

[turtledreams]

@km4r great to hear that, will create a minor with the fix as soon as possible!