Google has published enough Android N code that we have access to the
stuff for their network security configuration feature. This allows
developers to provide certificates for custom CAs, for overriding
Android's default CAs, and self-signed certificates, plus support for
certificate pinning:

https://github.com/android/platform_frameworks_base/tree/android-n-preview-2/core/java/android/security/net/config

Their code relies fairly heavily on conscrypt, secondarily on libcore.
It also has a few things that only work on API Level 19+. As a result,
my guess is that Google will not provide a backport, or at least whoever
wrote this code was not expecting a backport.

However, it does seem to route all its logic through an
X509TrustManager, and some of the ickier libcore dependencies lie
outside of that. So, if conscrypt can be replaced by spongycastle, an
independent backport of the core functionality is not out of the
question, which should be easier than a cleanroom implementation from
the specification.

Anyway, just an FYI, in case anyone's been pondering this stuff...

-- 
Mark Murphy (a Commons Guy)
https://commonsware.com | https://github.com/commonsguy
https://commonsware.com/blog | https://twitter.com/commonsguy
_______________________________________________
List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
To unsubscribe, email:  guardian-dev-unsubscr...@lists.mayfirst.org