WebView ssl 错误 [英] WebView ssl error
问题描述
对不起我的英语.我需要加载 url https,我有一些问题.当我尝试加载页面时,webView 给我错误
Sorry for my english. I need load url https, i have some problems. When i try load page, webView give me error
primary error: 3 certificate: Issued to: CN=my-site.com;
Issued by: CN=GeoTrust DV SSL CA - G3,OU=Domain Validated SSL,O=GeoTrust Inc.,C=US;
on URL: https://my-site.com/tutorial.php
如果我创建自定义 WebView 客户端并像这样重新定义方法 onReceivedSslError:
if i create custom WebView client and redefine method onReceivedSslError like this:
@Override
public void onReceivedSslError(WebView view, final SslErrorHandler handler, SslError error) {
handler.proceed();
}
然后当我加载这个应用去玩市场时,谷歌的人会说我:
Then when i will load this app to play market, people from google will say me:
Your APK has been rejected for containing security vulnerabilities, which violates the Malicious Behavior policy
我可以解决这个问题,请执行以下操作:
I can fix this, do something like this:
final AlertDialog.Builder builder = new AlertDialog.Builder(WebViewTutorials.this);
String message = "SSL Certificate error.";
switch (error.getPrimaryError()) {
case SslError.SSL_UNTRUSTED:
message = "The certificate authority is not trusted.";
break;
case SslError.SSL_EXPIRED:
message = "The certificate has expired.";
break;
case SslError.SSL_IDMISMATCH:
message = "The certificate Hostname mismatch.";
break;
case SslError.SSL_NOTYETVALID:
message = "The certificate is not yet valid.";
break;
}
message += " Do you want to continue anyway?";
builder.setTitle("SSL Certificate Error");
builder.setMessage(message);
builder.setPositiveButton("continue", new DialogInterface.OnClickListener() {
@Override
public void onClick(DialogInterface dialog, int which) {
handler.proceed();
}
});
builder.setNegativeButton("cancel", new DialogInterface.OnClickListener() {
@Override
public void onClick(DialogInterface dialog, int which) {
//handler.cancel();
finish();
}
});
final AlertDialog dialog = builder.create();
dialog.show();
但是对于这个应用程序显示用户弹出窗口是不可接受的后端的人对我说这是你的客户端问题".我不知道我在做什么,需要显示用户 webView 页面但不显示带有警告的弹出窗口
but for this app show user popUp window is unacceptable People from backend sayd me "It your problem on client". I don't know what me do, need show user webView page but not show popUp window whith warnings
推荐答案
您好,您的第一个问题是 SSL 证书,WebView 无法生成 HTTPS 连接.无论如何,另一个问题是您覆盖方法 onReceivedSslError 并使用 handler.proceed();不告知用户您使用非安全连接是 android 的一个安全漏洞,因此 Play 商店不允许您发布您的 apk.
Hi your first problem is with your SSL certificate, the WebView does not to generate an HTTPS connection. Anyway the another problem is that you override the method onReceivedSslError and use handler.proceed(); without advise to the user that you use an no secure connection is an security vulnerability for android and for this reason the Play Store not allow to you to publish your apk.
最好的方法是纠正证书问题,因为应用程序可以通过 https 连接与服务器通信.
The best approach is to correct the certificate problem for the app can comunicate with the server with an https connection.
无论如何,您可以通过这种方式更改方法的实现,以避免发布问题:
Anyway, you can change the implementation of the method for example in this way to avoid the publish problem:
@Override
public void onReceivedSslError(WebView view, final SslErrorHandler handler, SslError error) {
final AlertDialog.Builder builder = new AlertDialog.Builder(this);
builder.setMessage(R.string.notification_error_ssl_cert_invalid);
builder.setPositiveButton("Continue", new DialogInterface.OnClickListener() {
@Override
public void onClick(DialogInterface dialog, int which) {
handler.proceed();
}
});
builder.setNegativeButton("Cancel", new DialogInterface.OnClickListener() {
@Override
public void onClick(DialogInterface dialog, int which) {
handler.cancel();
}
});
final AlertDialog dialog = builder.create();
dialog.show();
}
您可以查看android开发者的安全部分以获取有关此漏洞和更正的更多信息.
You can check the security section of android developers to get more information about this vulnerability and the correction.
这篇关于WebView ssl 错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
