Hi,
Since my app is going to access our own servers, I think I can use the
hack of trusting all certificates. I tried the following & still
fails :-(
SchemeRegistry schemeRegistry = new SchemeRegistry();
SSLSocketFactory sslSocketFactory =
SSLSocketFactory.getSocketFactory();
sslSocketFactory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
schemeRegistry.register(new Scheme("https", sslSocketFactory, 443));
ClientConnectionManager manager = new
ThreadSafeClientConnManager(httpParam, schemeRegistry);
DefaultHttpClient client = new DefaultHttpClient(manager, httpParam);
Thank you,
AJ
On Aug 22, 12:10 am, Bob Kerns <r...@acm.org> wrote:
> The CA root certificates have very long expiration dates, so this is
> much less of a problem than you may assume.
>
> It's still an issue -- CA certs could possibly be revoked in the event
> of a vulnerability or theft. But those are relatively remote
> possibilities, beyond what most phone apps would need to consider.
>
> On Aug 21, 9:16 am, DanH <danhi...@ieee.org> wrote:
>
> > The current cert may only be good for another 6-12 months. And if the
> > site isn't directly under the control of the app developer, the cert
> > may change at any time, and may even be changed to use a different
> > root.
>
> > There's probably no good solution to this problem, but the best I can
> > think of is to embed another app in your app that simply installs the
> > necessary cert(s), then have a way for that app to be updated as
> > needed.
>
> > On Aug 21, 7:09šam, Kostya Vasilyev <kmans...@gmail.com> wrote:
>
> > > Right, it does. If the site in question is part of the phone application's
> > > infrastructure, I personally would find it acceptable.
>
> > > --
> > > Kostya Vasilyev --http://kmansoft.wordpress.com
>
> > > 21.08.2010 16:06 ÐÏÌØÚÏ×ÁÔÅÌØ "DanH" <danhi...@ieee.org> ÎÁÐÉÓÁÌ:
>
> > > That assumes that the web site's cert won't change for the life of the
> > > app.
>
> > > On Aug 21, 3:18 am, Kostya Vasilyev <kmans...@gmail.com> wrote:
>
> > > > šAjay,
>
> > > > A more cryptographically correct solution would be to install the
> > > > missing Óertfiicate pieces wit...
> > > > > On Fri, Aug 20, 2010 at 8:46 PM, Kostya Vasilyev <kmans...@gmail.com
> > > > > <mailto:kmans...@gmail....
> > > > > š š You being able to open the site in desktop browser and on a
> > > > > š š Blackberry seems to impl...
>
> > >http://groups.google.com/group/android-developers/browse_thread/threa...
>
> > > > > š š This is a hack to accept all certificates.
>
> > > > > š š -- Kostya
>
> > > > > š š 20.08.2010 16:07,...
> > > > > š š š š using the following site:http://www.digicert.com/helpandittold
> > > > > š š š š that it was installed properly on the server.
>
> > > > > š š š š On Aug 20, 4:39 pm, Kostya V...
> > > > > š š š š <mailto:kmans...@gmail.com>> šwrote:
>
> > > > > š š š š š š šAjay,
>
> > > > > š š š š š š This can happen because the certificate is not signed
> > > > > by...
> > > > > š š <mailto:android-developers@googlegroups.com>
> > > > > š š To unsubscribe from this group, send email to
> > > > > š š android-developers+unsubscr...@googleg...
> > > > > š š
> > > > > <mailto:android-developers%2bunsubscr...@googlegroups.com<android-developer
> > > > > s%252bunsubscr...@googlegroups.com>
>
> > > > > š š For more options, visit this group at
> > > > > š šhttp://groups.google.com/group/android-develope...
>
>
--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
