Hello there!
I wasn’t able to confirm this information from the documentation, but do you use certificate pinning inside your SDK when connecting to your servers?
Thank you!
Hello there!
I wasn’t able to confirm this information from the documentation, but do you use certificate pinning inside your SDK when connecting to your servers?
Thank you!
To my knowledge, there’s no certificate pinning in SDKs.
Often the platform or the SDK itself will provide a hook which allows you to pin any certificate you want like sentry.io
or to your self hosted Sentry.
I wonder if it was already considered to add it by default, when the DSN
points to sentry.io
for example.
Do you have a regulatory requirement or another motivation for this?
/cc @mitsuhiko, @HazAT
Yeah, we need it for regulatory reasons.
Can you link me to the method that provides the hook? We are using a sentry.io-hosted instance.
Thank you!
This is an example for .NET Framework.
For .NET Core (or any other runtime) on the new .NET SDK you can do it through the callback to HttpClientHandler
when it’s created.
Which SDKs are you using?
The Android SDK.
It looks like this can be done via app configuration without having to change any code:
Thank you, @bretthoerner, for your response!
A couple of things:
That’s fair, I’ve created an issue on sentry-java
for now: https://github.com/getsentry/sentry-java/issues/623
Thank you.