Behavior when a third party certificate expires #28

Closed
drshock opened this issue Nov 3, 2015 · 1 comment

@drshock

drshock commented Nov 3, 2015

If you use this library to pin third party certificates (servers you do not own) to protect API keys and user data, will the app be bricked when the certificates from those sites eventually expire? Looking to understand if TrustKit is an approach that would avoid such pinning behavior. This would be for an app that has to support iOS 7.1.2 and up.

@nabla-c0d3
Member

If you configure TrustKit to not enforce pinning for these domains (TSKEnforcePinning set to NO), the App will work fine but you will still get reports for pinning validation failures (so you can see if your users are affected, and also detect when the certificates changed).
However, if you want to enforce pinning (i.e. block connections when there's a validation failure), it is, as you said, not a good idea to do this for domains you don't own, as the certificate chain could change at any time and brick the App.
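
A simplified Python model of the two modes described in the answer above, added here as an illustration and not TrustKit's own code: it assumes pins are base64 SHA-256 hashes of a certificate's SubjectPublicKeyInfo, so a certificate renewed with the same key still matches while a rotated key does not. The function names and the byte strings standing in for keys are constructed for the example.

```python
import base64
import hashlib


def spki_pin(spki_der: bytes) -> str:
    """Base64 SHA-256 of a SubjectPublicKeyInfo, the form an SPKI pin takes."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()


def evaluate(chain_spkis, pinned, enforce):
    """Return (connection_allowed, report_sent) for one TLS handshake.

    chain_spkis: SPKI bytes of each certificate the server presented.
    pinned:      set of pins configured for the domain.
    enforce:     models TSKEnforcePinning (True = YES, False = NO).
    """
    matched = any(spki_pin(s) in pinned for s in chain_spkis)
    if matched:
        return True, False
    # Validation failed: a report goes out in both modes (assumption of this
    # model); only enforcement blocks the connection.
    return (not enforce), True


# Constructed placeholder byte strings standing in for DER-encoded SPKIs.
LEAF_KEY_OLD = b"constructed-spki-leaf-key-A"
LEAF_KEY_NEW = b"constructed-spki-leaf-key-B"
CA_KEY_OLD = b"constructed-spki-issuing-ca-1"
CA_KEY_NEW = b"constructed-spki-issuing-ca-2"

# The app ships with a pin for the third party's current leaf key only.
PINS = {spki_pin(LEAF_KEY_OLD)}


def scenarios(enforce):
    """Outcome of each certificate change under the given mode."""
    return {
        "unchanged": evaluate([LEAF_KEY_OLD, CA_KEY_OLD], PINS, enforce),
        # Certificate reissued (new expiry, new issuer) but same leaf key.
        "renewed_same_key": evaluate([LEAF_KEY_OLD, CA_KEY_NEW], PINS, enforce),
        # Third party replaced its key pair: no pinned key left in the chain.
        "rotated_key": evaluate([LEAF_KEY_NEW, CA_KEY_NEW], PINS, enforce),
    }


if __name__ == "__main__":
    for mode in (False, True):
        print("enforce =", mode, scenarios(mode))
```
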
