Docs: Added a link to Updating Your Security Provider to Protect Against

SSL Exploits Test: make ds-docs Bug: 19110275 Change-Id: I3b0a35715c16c4e30a47aab9cbaf991770426c57
2017-11-08 16:58:16 -07:00
parent 44cd5b97ad
commit f72e8263c7
1 changed files with 6 additions and 1 deletions
--- a/core/java/android/net/SSLCertificateSocketFactory.java
+++ b/core/java/android/net/SSLCertificateSocketFactory.java
@@ -62,7 +62,12 @@ import javax.net.ssl.X509TrustManager;
 * This implementation does check the server's certificate hostname, but only
 * for createSocket variants that specify a hostname.  When using methods that
 * use {@link InetAddress} or which return an unconnected socket, you MUST
- * verify the server's identity yourself to ensure a secure connection.</p>
+ * verify the server's identity yourself to ensure a secure connection.
+ *
+ * Refer to
+ * <a href="https://developer.android.com/training/articles/security-gms-provider.html">
+ * Updating Your Security Provider to Protect Against SSL Exploits</a>
+ * for further information.</p>
 *
 * <p>One way to verify the server's identity is to use
 * {@link HttpsURLConnection#getDefaultHostnameVerifier()} to get a