STRICT

Strict mode: Enforces certificate pinning validation for all domains.

In strict mode, TrustPin throws an error when attempting to verify certificates for domains that are not registered in your pinning configuration. This provides the highest level of security by ensuring all connections are explicitly validated.

Behavior

• Registered domains: Certificate validation performed against configured pins

• Unregistered domains: Throws TrustPinError.DomainNotRegistered

• Pin mismatches: Throws TrustPinError.PinsMismatch

• Expired pins: Throws TrustPinError.AllPinsExpired

Use Cases

• ✅ Production applications with known, fixed API endpoints

• ✅ High-security environments requiring comprehensive validation

• ✅ Compliance requirements mandating certificate pinning

• ✅ Critical infrastructure applications

Security Benefits

• Complete coverage: Ensures no unvalidated connections

• Attack prevention: Blocks connections to potentially compromised domains

• Audit compliance: Provides clear security posture for audits

• Incident detection: Alerts when unexpected domains are accessed