Should not trust all certificate

[GoogleCodeExporter]

What steps will reproduce the problem?
1.Deploy a foo https server with a self-singed certifiate which was produced by 
openssl.
2.Modify HttpProvisionService::getConfig(),that is, I change the requestUri 
from conf.rcs.* to 192.168.1.100(A test https server with a self-singed 
certifiate )
3.Do not add self-signed certificate to android trust keystore

What is the expected output? What do you see instead?
  Should not execute https request successfully.But now stack execute https request successfully

What version of the product are you using? On what operating system?
 Stack2.4.4           Android4.0.3

Please provide any additional information below.

Original issue reported on code.google.com by fredhu...@gmail.com on 11 Jun 2012 at 6:09

[GoogleCodeExporter]

We support only public certificate.

See also GSMA 1.2 spec: "it is encouraged to use  public root certificates 
issued by a recognized CA (similar to those used by standard webservers which 
are widely recognized by browsers and web-runtime implementations both in PCs 
and handsets)".

Original comment by jmauffret@gmail.com on 11 Jun 2012 at 6:14

• Changed state: WontFix

[GoogleCodeExporter]

Sure, we should use CA certificate, so the client should only trust the server 
with a CA certificate. But it seems that certificates[0].checkValidity() did 
not work correctly. Even the certificate is self-signed, but no exception 
occurs. Detail code as bellowing,

public void checkServerTrusted( X509Certificate[] certificates, String authType 
)
        throws CertificateException
    {
        if ( ( certificates != null ) && ( certificates.length == 1 ) )
        {
            certificates[0].checkValidity();
        }
        else
        {
            //standardTrustManager.checkServerTrusted( certificates, authType );
        }
    }

Original comment by fredhu...@gmail.com on 12 Jun 2012 at 1:02