android Google Play 警告:SSL 错误处理程序漏洞 [英] android Google Play Warning: SSL Error Handler Vulnerability
问题描述
我在我的应用中使用了 gorbin/ASNE SDK.我最近收到一封来自 Google 的电子邮件,主题如下:Google Play 警告:SSL 错误处理程序漏洞".在这封电子邮件中,Google 解释说我的应用程序有一个 [WebViewClient.onReceivedSslError 处理程序的不安全实现"]
他们建议我[要正确处理 SSL 证书验证,请更改代码以在服务器提供的证书满足您的期望时调用 SslErrorHandler.proceed(),否则调用 SslErrorHandler.cancel()"]
这是我对方法的实现:
public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {handler.proceed();}有什么帮助吗?
解决办法是去掉onReceivedSslError
I use the gorbin/ASNE SDK in my app. I recently received an email from Google with the following subject : "Google Play Warning: SSL Error Handler Vulnerability". In this email, Google explains that my app has an ["unsafe implementation of the WebViewClient.onReceivedSslError handler"]
and they recommended me to ["To properly handle SSL certificate validation, change your code to invoke SslErrorHandler.proceed() whenever the certificate presented by the server meets your expectations, and invoke SslErrorHandler.cancel() otherwise"]
here's my implementation of the method :
public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
handler.proceed();
}
any help please ?
the solution is to remove onReceivedSslError
这篇关于android Google Play 警告:SSL 错误处理程序漏洞的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
