wkh237 / react-native-fetch-blob

A project committed to making file access and data transfer easier, efficient for React Native developers.
MIT License

Why Override HostnameVerifier? #548

Open garyhow01 opened 7 years ago

garyhow01 commented 7 years ago

Hi, may I ask why you overrode the verify method to always return true? Wouldn't it trust all certs, including invalid ones presented by the server, i.e. a man-in-the-middle attack? Just want to understand the rationale for this. Thanks!

In `react-native-fetch-blob/android/src/main/java/com/RNFetchBlob/RNFetchBlobUtils.java`:

```java
OkHttpClient.Builder builder = client.newBuilder();
builder.sslSocketFactory(sslSocketFactory);
// Hostname verification is disabled: every hostname is accepted.
builder.hostnameVerifier(new HostnameVerifier() {
    @Override
    public boolean verify(String hostname, SSLSession session) {
        return true;
    }
});
```

lll000111 commented 7 years ago

I think that's because that is the function `getUnsafeOkHttpClient`...

garyhow01 commented 7 years ago

But why do that? For the purpose of development testing?

lll000111 commented 7 years ago

I'm not familiar with that part of the code (I only contributed to filesystem stuff), but I think I saw an issue submitted by someone, and in response @wkh237 added this function. This is used when on a request the `trusty` option is true, which I think means "trust everyone". Just follow the code and look for that option in the issues list (closed ones too).

garyhow01 commented 7 years ago

Do you know of any way to not override this but still get things working? I tried removing the whole method and it compiled successfully, but the feature broke and now the file cannot be loaded.

ebeninca commented 6 years ago

It's necessary to ignore self-signed certificate errors. Normally this happens in a dev environment, where you don't use a real signed certificate.

https://stackoverflow.com/questions/31917988/okhttp-javax-net-ssl-sslpeerunverifiedexception-hostname-domain-com-not-verifie/32402190
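The thread asks how to get a self-signed dev certificate working without the "trust everyone" `HostnameVerifier` shown above. The following is an added example, not code from react-native-fetch-blob or from anyone in this thread; it assumes OkHttp 3.x (two-argument `sslSocketFactory`), a hypothetical class name `PinnedDevClient`, and that the dev server's certificate is supplied as a PEM/DER stream and carries a SAN matching the hostname you connect to.

```java
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import okhttp3.OkHttpClient;

// Hypothetical helper (assumption, not part of the project): builds a client
// that trusts ONLY the given self-signed server certificate while leaving
// OkHttp's default hostname verification in place.
public final class PinnedDevClient {

    public static OkHttpClient build(InputStream serverCertStream) throws Exception {
        // Parse the dev server's certificate (self-signed is fine).
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Certificate serverCert = cf.generateCertificate(serverCertStream);

        // In-memory trust store containing just that one certificate, so the
        // system CA set is NOT widened and no other issuer is accepted.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        trustStore.setCertificateEntry("dev-server", serverCert);

        TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        TrustManager[] tms = tmf.getTrustManagers();
        if (tms.length != 1 || !(tms[0] instanceof X509TrustManager)) {
            throw new IllegalStateException("Unexpected trust managers: " + Arrays.toString(tms));
        }
        X509TrustManager tm = (X509TrustManager) tms[0];

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { tm }, null);

        // No hostnameVerifier(...) override: the default verifier still checks
        // that the presented certificate matches the requested host, so a
        // different certificate (or the same one on another host) is rejected.
        return new OkHttpClient.Builder()
                .sslSocketFactory(ctx.getSocketFactory(), tm)
                .build();
    }
}
```

If the dev certificate has no matching SAN, fix the certificate rather than the verifier; a verifier that returns `true` is what turns a certificate error into a silent man-in-the-middle acceptance.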