|
Riseup's EE certificate expired (EE = End-Entity, the commercial
certificate signed by the issuer), and we weren't able to fetch
provider.json because the pin wasn't valid.
This problem needs to be avoided in the future, using
HKPK (https://tools.ietf.org/html/rfc7469), which Micah's implementing
on Riseup.
Switching from build types from flavors enables us to run tests against
production apk, not just debug. I didn't detect this pinning problem
because tests were run only against the debug apk, which trusted
preseeded providers by default (thus bypassing pinning issue).
|
