由于 HostnameVerifier 问题，Google 拒绝了应用 [英] Google rejected app because of HostnameVerifier issue

问题描述

Updated my app to trust all certificates in volley for sdk 17 and below as volley works fine without hostname verifier for higher sdk. It worked fine but google rejected my app update saying

Your app(s) are using an unsafe implementation of the HostnameVerifier interface.

I am using the following code

TrustManager[] trustAllCertsc = new TrustManager[] { new X509TrustManager() {
        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
            return null;
        }
        public void checkClientTrusted(X509Certificate[] certs, String authType) {
        }
        public void checkServerTrusted(X509Certificate[] certs, String authType) {
        }
    } };
    SSLContext scc = null;
    try {
        scc = SSLContext.getInstance("SSL");
    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
    }
    try {
        scc.init(null, trustAllCertsc, new java.security.SecureRandom());
    } catch (KeyManagementException e) {
        e.printStackTrace();
    }
    HttpsURLConnection.setDefaultSSLSocketFactory(scc.getSocketFactory());
    // Create all-trusting host name verifier
    HostnameVerifier allHostsValidc = new HostnameVerifier() {
        public boolean verify(String hostname, SSLSession session) {
            return true;
        }
    };
    // Install the all-trusting host verifier
    HttpsURLConnection.setDefaultHostnameVerifier(allHostsValidc);

解决方案

Delete all of that code. You will fail multiple Play Store checks (HostnameVerifier and an accept-all TrustManager). Plus, the reason why the Play Store is rejecting your app is because, through this code, you are weakening app security.

这篇关于由于 HostnameVerifier 问题，Google 拒绝了应用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！