Closed amovsesy closed 7 years ago
@stevengill Can you please take a look at this
Those methods are there to ignore the certificates if you pass trustAllHosts
param set to true (default is false)
@jcesarmobile, I understand, but this is violating Google's play ToS and it clearly states that any new updates or apps using an unsafe implementation of TrustManager will be blocked. https://support.google.com/faqs/answer/6346016. Given that, any apps using this code would be in violation and could be blocked from the google store.
Yeah, so the solution should be to deprecate trustAllHosts
, documenting it and then remove those methods, not to implement them with a safe implementation because that will make trustAllHosts
to stop working
+1 to @jcesarmobile's proposed solution.
+1 to deprecation as well.
Fixing a security issue which is banned by google play that can be found https://support.google.com/faqs/answer/6346016
Adding a check for the certificate that comes in when connecting to the server
Platforms affected
Android
What does this PR do?
Adds a check for the connection that gets created
What testing has been done on this change?
Ran the tests
Checklist