Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "Docs: Added a link to Updating Your Security Provider to Protect Against SSL Exploits" into oc-dev am: 459735662f

Browse Source 
am: 13e959bbec

Change-Id: Ic15e947e38c10d394081598e2c2886854388996a
This commit is contained in:
Jon Dormody
2017-11-09 16:26:50 +00:00
committed by android-build-merger
parent 97ff9f9d27 13e959bbec
commit d9696eb356
1 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
core/java/android/net/SSLCertificateSocketFactory.java
View File

@@ -63,7 +63,12 @@ import javax.net.ssl.X509TrustManager;
* This implementation does check the server's certificate hostname, but only
* for createSocket variants that specify a hostname. When using methods that
* use {@link InetAddress} or which return an unconnected socket, you MUST
* verify the server's identity yourself to ensure a secure connection.</p>
* verify the server's identity yourself to ensure a secure connection.
*
* Refer to
* <a href="https://developer.android.com/training/articles/security-gms-provider.html">
* Updating Your Security Provider to Protect Against SSL Exploits</a>
* for further information.</p>
*
* <p>One way to verify the server's identity is to use
* {@link HttpsURLConnection#getDefaultHostnameVerifier()} to get a