The checkClientTrusted() on an X509TrustManager would not be called on the client end. It would be called on the server's X509TrustManager when the Client Certificate is sent (for authenticating the client certificate).
On Fri, Aug 12, 2011 at 12:37 PM, Brian Carlstrom <[email protected]> wrote:

> On Thu, Aug 11, 2011 at 11:46 PM, Shreya <[email protected]> wrote:
>
>> But checkclientcertificates are not getting called.
>
> what is checkclientcertificates? The SSLSocket implementation should call
> chooseClientAlias and then use that result to call getPrivateKey and
> getCertificateChain. getClientAliases is never called, if that is what you
> meant. I assume that is more if you want to have a UI that presents a list
> of choices, as part of implementing a UI version of chooseClientAlias.
> However, if you are using an X509KeyManager from the KeyManagerFactory,
> you won't really see things getting called, unless you provided your own
> proxy or are looking in the debugger or something.
>
>> Actually, I wanted to accept whatever certificates server is sending
>
> that means you want a custom X509TrustManager that always returns true to
> checkServerTrusted.
> but now you are open to a man-in-the-middle attack, so why bother with SSL?
>
> -bri
>
> --
> You received this message because you are subscribed to the Google Groups
> "Android Security Discussions" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to [email protected].
> For more options, visit this group at
> http://groups.google.com/group/android-security-discuss?hl=en.
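As an added example (not code from this thread or from Android itself): one way to accept a server certificate the default trust store rejects, without the always-accept trust manager discussed above, is to trust only that certificate. The logging wrapper also shows which callback runs on which side of the handshake. The class names and the certificate file path argument are assumptions for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.*;
import javax.net.ssl.*;

public class PinnedTrustExample {
    // Hypothetical wrapper: delegates every decision to the platform trust manager and logs the callback.
    static final class LoggingTrustManager implements X509TrustManager {
        private final X509TrustManager delegate;
        LoggingTrustManager(X509TrustManager delegate) { this.delegate = delegate; }
        @Override public void checkServerTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            System.out.println("checkServerTrusted (runs on the client): " + chain[0].getSubjectX500Principal());
            delegate.checkServerTrusted(chain, authType); // throws if the chain does not lead to our anchor
        }
        @Override public void checkClientTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            System.out.println("checkClientTrusted (runs on the server, client-cert auth only)");
            delegate.checkClientTrusted(chain, authType);
        }
        @Override public X509Certificate[] getAcceptedIssuers() { return delegate.getAcceptedIssuers(); }
    }

    // Builds an SSLContext whose only trust anchor is the certificate read from 'in' (PEM or DER).
    static SSLContext contextTrustingOnly(InputStream in) throws Exception {
        Certificate anchor = CertificateFactory.getInstance("X.509").generateCertificate(in);
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);                          // empty in-memory store
        ks.setCertificateEntry("server", anchor);     // the single certificate we are willing to trust
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        X509TrustManager real = null;
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) { real = (X509TrustManager) tm; break; }
        }
        if (real == null) throw new IllegalStateException("no X509TrustManager available");
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { new LoggingTrustManager(real) }, null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        try (InputStream in = new FileInputStream(args[0])) { // args[0]: path to the server's certificate file
            SSLContext ctx = contextTrustingOnly(in);
            System.out.println("SSLContext ready: " + ctx.getProtocol());
        }
    }
}
```

Sockets created from `ctx.getSocketFactory()` fail the handshake with an `SSLHandshakeException` when the server presents any other certificate, instead of silently accepting it.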
