Can Android network_security_config.xml be bypassed?

What does the config to do this look like? From the linked documentation, it isn’t clear that what you’re trying to accomplish is even possible.

The <domain-config> in network_security_config.xml is mostly intended to

  • Amend the per-app TrustAnchors (roots and/or intermediates which aren’t validated themselves but are used to validate other intermediates / end entities) available in Android’s default TrustStore (for PKI cert path building)
  • Restrict cert validation to a handful of pinned certs.

I’ve not looked thoroughly, but from the API surface (in AOSP code), it looks like network_security_config.xml will only apply to Android apps using the Android SDK (Java / Kotlin) and not to C/C++/<other code> that may have to be compiled with the Android NDK (this is where I’d have tagged @anon63378630… alas).

3 Likes
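For readers who haven’t seen one, here is what a `<domain-config>` doing exactly those two things looks like. This is an added illustration, not a file from the thread or from AOSP; the domain, the `@raw/internal_ca` resource name and the pin values are placeholders you would replace with your own.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- res/xml/network_security_config.xml, referenced from AndroidManifest.xml via
     <application android:networkSecurityConfig="@xml/network_security_config" ...>.
     Only code that goes through the platform TLS stack (HttpsURLConnection, the
     system-provided SSLSocketFactory, libraries such as OkHttp that read this config)
     honours it; native code carrying its own TLS library will not consult it. -->
<network-security-config>

    <!-- 1. Amend the trust anchors for one domain (and its subdomains) only.
            "system" keeps the platform roots; "@raw/internal_ca" (placeholder resource
            holding a PEM/DER cert) adds a private root or intermediate that is itself
            taken as trusted and used to build the path to the server's end-entity cert. -->
    <domain-config>
        <domain includeSubdomains="true">api.example.internal</domain>
        <trust-anchors>
            <certificates src="system" />
            <certificates src="@raw/internal_ca" />
        </trust-anchors>

        <!-- 2. Restrict validation to a handful of pinned certs. Each pin is the
                base64 SHA-256 of a SubjectPublicKeyInfo somewhere in the chain; ship a
                backup pin for the next key so rotation doesn't brick the app, and set
                an expiration so a forgotten rollout degrades to normal validation
                instead of a hard outage. The values below are placeholders. -->
        <pin-set expiration="2027-01-01">
            <pin digest="SHA-256">AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=</pin>
            <pin digest="SHA-256">BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB=</pin>
        </pin-set>
    </domain-config>

    <!-- Everything not matched above falls back to this: platform roots only,
         no user-installed CAs, cleartext disallowed. -->
    <base-config cleartextTrafficPermitted="false">
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>

</network-security-config>
```

Note that `<trust-anchors>` and `<pin-set>` compose: a cert chain must both build to one of the listed anchors and contain one of the pinned keys, so pinning to the private CA's key is a common way to make the added anchor the only path that validates.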