kader990 / android-rcs-ims-stack

Automatically exported from code.google.com/p/android-rcs-ims-stack
0 stars 0 forks source link

Should not trust all certificate #73

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1.Deploy a foo https server with a self-singed certifiate which was produced by 
openssl.
2.Modify HttpProvisionService::getConfig(),that is, I change the requestUri 
from conf.rcs.* to 192.168.1.100(A test https server with a self-singed 
certifiate )
3.Do not add self-signed certificate to android trust keystore

What is the expected output? What do you see instead?
  Should not execute https request successfully.But now stack execute https request successfully

What version of the product are you using? On what operating system?
 Stack2.4.4           Android4.0.3

Please provide any additional information below.

Original issue reported on code.google.com by fredhu...@gmail.com on 11 Jun 2012 at 6:09

GoogleCodeExporter commented 9 years ago
We support only public certificate.

See also GSMA 1.2 spec: "it is encouraged to use  public root certificates 
issued by a recognized CA (similar to those used by standard webservers which 
are widely recognized by browsers and web-runtime implementations both in PCs 
and handsets)".

Original comment by jmauffret@gmail.com on 11 Jun 2012 at 6:14

GoogleCodeExporter commented 9 years ago
Sure, we should use CA certificate, so the client should only trust the server 
with a CA certificate. But it seems that certificates[0].checkValidity() did 
not work correctly. Even the certificate is self-signed, but no exception 
occurs. Detail code as bellowing,

public void checkServerTrusted( X509Certificate[] certificates, String authType 
)
        throws CertificateException
    {
        if ( ( certificates != null ) && ( certificates.length == 1 ) )
        {
            certificates[0].checkValidity();
        }
        else
        {
            //standardTrustManager.checkServerTrusted( certificates, authType );
        }
    }

Original comment by fredhu...@gmail.com on 12 Jun 2012 at 1:02