search

pedroSG94 / RootEncoder

RootEncoder for Android (rtmp-rtsp-stream-client-java) is a stream encoder to push video/audio to media servers using protocols RTMP, RTSP, SRT and UDP with all code written in Java/Kotlin
Apache License 2.0
2.57k stars 776 forks source link

Unsafe implementation of the X509TrustManager interface #1563

Closed AnthonyWu-kkstream closed 2 months ago

AnthonyWu-kkstream commented 2 months ago

The AcceptAllCertificates class defines empty checkServerTrusted() and checkClientTrusted() methods, thereby disabling SSL validation and accepting any SSL certificate as valid if the class is used when connecting to a server over SSL/TLS.

Regardless of whether the affected classes are actually used at runtime, Google Play is blocking any app that defines such an insecure X509TrustManager, as detailed on Google's support page:

"Beginning May 17, 2016, Google Play will block the publishing of any new apps or updates containing an unsafe implementation of the X509TrustManager interface."

reference

pedroSG94 commented 2 months ago

Duplicated issue: https://github.com/pedroSG94/RootEncoder/issues/1562

Closing issue as dupicated