EddyVerbruggen / SSLCertificateChecker-PhoneGap-Plugin

:passport_control: Prevent Man in the Middle attacks with this Cordova plugin

Checking for certificate in certificate chain would reduce dependency on server certificate renewal

cvillerm opened this issue · comments

Even if it is possible to include 2 fingerprints in the call to check the certificate presented by a server, this requires that a renewed certificate is created in advance, its fingerprint is included in the code of the mobile application and that the mobile application is deployed to all users before the new certificate can be installed on the server. I find that this creates too many constraints.

I would suggest that the plugin is extended to be able to check for the fingerprint of any certificate in the certificate chain presented by the server. This would allow certificate pinning to the certificate of a specific issuing CA (usually with a longer validity period). As long as server certificates are issued by the same trusted CA, this could give a good enough level of security while reducing considerably the need to update mobile applications with updated certificate fingerprints.

I already have some code working for Android and iOS. The plugin could be extended with another method (checkInCertChain) while leaving the ability to check specifically for the server certificate (check).
Before creating a pull request for it, are there comments in favor or against it?

I like the idea! This way we can leave that choice up to the developer. So yes, please go ahead.

I was out last week and I created a pull request with the proposed change (added new API checkInCertChain).

Was this finished with #19?

Absolutely!