!!! This reposirtry is experimental and provides cases only for Android. Make sure to check this package that covers ssl pinning in Android and iOS. https://github.com/MaxToyberman/react-native-ssl-pinning
This project aims to show different cases of communication over SSL between your React Native application and your api.
Check branches for cases:
- Master branch without any SSL configuration. If you try to run application and press the button , you'll have this error :
java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. - Disable SSL verification :danger
- Add trusted anchor for certificate path
- Even more security with SSL pinning
- SSL pinning using TrustKit
- SSL pinning combining TrustKit and custom implementation
*Notice: I did not implement iOS versions. You can find how to do it here and here.
You can read more about SSL pinning (and security) in React Native with theses links:
- https://medium.com/@jaedmuva/react-native-ssl-pinning-is-back-e317e6682642
- https://www.madebymany.com/stories/a-year-of-react-native-ssl-pinning
- http://tech.taskrabbit.com/blog/2016/06/17/enable-tls-android-with-react-native/
- https://developer.android.com/training/articles/security-config
- https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning
- datatheorem/TrustKit-Android#6
Reference and misc :
- https://github.com/hawkup/react-native-ssl-pinning
- https://github.com/localz/react-native-pinch
- https://github.com/approov/react-native-cert-pinner
- https://github.com/wkh237/react-native-fetch-blob
- https://github.com/joltup/rn-fetch-blob
yarn
yarn server
yarn ios
yarn android
You can view console in Chrome or in React Native Debugger
Launch application and press button to make api call.