Hi all, Some deployments need public-key pinning. Today this is done ad-hoc via custom verifiers. I’d like to add a *small, opt-in* decorator that enforces *SPKI SHA-256 pins* *after* normal trust-manager and hostname verification succeed. Defaults remain unchanged.
Pinning is operationally risky (rotations). This is opt-in only; strong docs will recommend *two pins* and keeping PKI+hostname checks enabled (we always call super.verifySession(...)). Thanks, Arturo
