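My own app uses HTTPS, and I simply allowed all certificates by default:

    TrustManager tm = new X509TrustManager() {
        // Empty body: every client certificate is accepted.
        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        }

        // Empty body: every server certificate is accepted.
        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        }

        public X509Certificate[] getAcceptedIssuers() {
            return null;
        }
    };

The day before yesterday I received an email from Google saying this is insecure, and that I need to check in the "checkServerTrusted" method whether the certificate is as expected and throw an exception. I don't really understand this area. Is this about checking whether the certificate is valid and legitimate? Has anyone run into this problem?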

        try {
            // checkValidity() checks only that the current date is inside the certificate's validity period.
            chain[0].checkValidity();
        } catch (Exception e) {
            throw new CertificateException("Certificate not valid or trusted.");
        }
    }