Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "Docs: Added a link to Updating Your Security Provider to Protect Against SSL Exploits" into oc-dev am: 459735662f am: 13e959bbec

Browse Source 
am: d9696eb356

Change-Id: I616cd581d38cdae91c53b31325e08919efd92a8c
This commit is contained in:
Jon Dormody
2017-11-09 16:42:19 +00:00
committed by android-build-merger
parent f7c0f2e6bf d9696eb356
commit 5770dfd1e5
1 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
core/java/android/net/SSLCertificateSocketFactory.java
View File

@@ -63,7 +63,12 @@ import javax.net.ssl.X509TrustManager;
* This implementation does check the server's certificate hostname, but only
* for createSocket variants that specify a hostname. When using methods that
* use {@link InetAddress} or which return an unconnected socket, you MUST
* verify the server's identity yourself to ensure a secure connection.</p>
* verify the server's identity yourself to ensure a secure connection.
*
* Refer to
* <a href="https://developer.android.com/training/articles/security-gms-provider.html">
* Updating Your Security Provider to Protect Against SSL Exploits</a>
* for further information.</p>
*
* <p>One way to verify the server's identity is to use
* {@link HttpsURLConnection#getDefaultHostnameVerifier()} to get a