Michael Rogers:
> On 06/09/16 10:48, Hans-Christoph Steiner wrote:
>> Could we use this approach in NetCipher? I think Torsten said that this
>> approach requires android-14 at least, but we could just use HTTP
>> proxies to support older platforms.
>
> As far as I know this should work on any version of Android, but please
> let me know if you run into any versions/devices where it doesn't work.
>
> Feel free to use the code in NetCipher if it's useful, any OSI license
> you like.

Have you run tests yet of HTTPS verification using your technique? You can take code from the NetCipher tests if you want. I don't remember details now, but I know that when doing tricks with how Socket instances are created on Android, important pieces went missing, like hostname verification.

In cases like these, it is important to remember that Android != Java. Android only promises to provide what they document in their SDK docs, not all of Java. And many companies choose to take that opportunity to get lazy/sloppy with their builds of Android.

.hc

--
PGP fingerprint: EE66 20C7 136B 0D2C 456C 0A4D E9E2 8DEA 00AA 5556
https://pgp.mit.edu/pks/lookup?op=vindex&search=0xE9E28DEA00AA5556
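
Added example, not part of the original message and not NetCipher or Briar code: a sketch of the explicit hostname check that is needed when TLS is layered over a socket the application created itself (for instance one opened through a proxy). The class name `VerifiedTls` and method `wrap` are hypothetical, and the code assumes Android, where the platform's default `HostnameVerifier` performs real certificate-to-host matching.

```java
import java.io.IOException;
import java.net.Socket;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Hypothetical helper for illustration; assumes Android's default verifier.
public final class VerifiedTls {

    private VerifiedTls() {}

    /**
     * Layers TLS over an already-connected socket and returns it only if the
     * server certificate matches the expected host name.
     */
    public static SSLSocket wrap(Socket connected, String host, int port)
            throws IOException {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        // autoClose=true: closing the TLS socket also closes the underlying one.
        SSLSocket tls = (SSLSocket) factory.createSocket(connected, host, port, true);
        try {
            // The handshake validates the certificate chain against the trust
            // store. On a raw SSLSocket it does not compare the certificate
            // with `host`, so a valid certificate for another name passes.
            tls.startHandshake();

            // Explicit hostname check, the step HttpsURLConnection would
            // otherwise perform on the caller's behalf.
            SSLSession session = tls.getSession();
            HostnameVerifier verifier = HttpsURLConnection.getDefaultHostnameVerifier();
            if (!verifier.verify(host, session)) {
                throw new SSLPeerUnverifiedException(
                        "Certificate does not match expected host " + host);
            }
            return tls;
        } catch (IOException e) {
            // Covers handshake failures and the mismatch above
            // (SSLPeerUnverifiedException is an IOException).
            tls.close();
            throw e;
        }
    }
}
```

A test for this path should connect to a server presenting a valid certificate for a different name and assert that `wrap` throws; on a desktop JVM the default verifier rejects every host, so the check has to be exercised on Android itself.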
