Open garyhow01 opened 7 years ago
I think that's because that is the function getUnsafeOkHttpClient
...
but why do that? for the purpose of development testing?
I'm not familiar with that part of the code (I only contributed to filesystem stuff), but I think I saw an issue submitted by someone, and in response @wkh237 added this function. This is used when on a request the trusty
option is true, which I think means "trust everyone". Just follow the code and look for that option in the issues list (closed ones too).
Do you know of any way to not override this but still get things working? i tried removing the whole method and compile successfully. but the feature broke and now the file cannot be loaded.
It's necessary to ignore self-signed certificates error. Normally this happens in dev environment, where you don't use a real signed certificate.
Hi, May i ask why did you override the verify method to always return true? wouldn't it be trusting all certs including invalid one presented by server i.e. man in middle attack. just want to understand the rationale for this.. Thanks!
In
react-native-fetch-blob/android/src/main/java/com/RNFetchBlob/RNFetchBlobUtils.java
OkHttpClient.Builder builder = client.newBuilder(); builder.sslSocketFactory(sslSocketFactory); builder.hostnameVerifier(new HostnameVerifier() { @Override public boolean verify(String hostname, SSLSession session) { return true; } });