Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "Docs: Added a link to Updating Your Security Provider to Protect Against SSL Exploits" into oc-dev

Browse Source 
am: 459735662f

Change-Id: I31f036fa2365084454ac7899d92580e985bd9f21
This commit is contained in:
Jon Dormody
2017-11-09 16:17:35 +00:00
committed by android-build-merger
parent 2edd31e7fc 459735662f
commit 13e959bbec
1 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
core/java/android/net/SSLCertificateSocketFactory.java
View File

@@ -62,7 +62,12 @@ import javax.net.ssl.X509TrustManager;
* This implementation does check the server's certificate hostname, but only
* for createSocket variants that specify a hostname. When using methods that
* use {@link InetAddress} or which return an unconnected socket, you MUST
* verify the server's identity yourself to ensure a secure connection.</p>
* verify the server's identity yourself to ensure a secure connection.
*
* Refer to
* <a href="https://developer.android.com/training/articles/security-gms-provider.html">
* Updating Your Security Provider to Protect Against SSL Exploits</a>
* for further information.</p>
*
* <p>One way to verify the server's identity is to use
* {@link HttpsURLConnection#getDefaultHostnameVerifier()} to get a