android Google Play警告:SSL错误处理程序漏洞 [英] android Google Play Warning: SSL Error Handler Vulnerability
问题描述
我在我的应用程序中使用gorbin / ASNE SDK。我最近收到一封来自Google的电子邮件,内容如下:Google Play警告:SSL错误处理程序漏洞。在这封电子邮件中,Google解释说我的应用程序有一个[WebViewClient.onReceivedSslError处理程序的不安全实现]
,他们建议我将[正确处理SSL证书验证,只要服务器提供的证书满足您的期望,就更改您的代码以调用SslErrorHandler.proceed(),否则调用SslErrorHandler.cancel()否则]
这是我的执行该方法:
pre $ public $ onReceivedSslError(WebView视图,SslErrorHandler处理函数,SslError错误){
handler.proceed ();
}
任何帮助吗?
解决方案是删除onReceivedSslError
I use the gorbin/ASNE SDK in my app. I recently received an email from Google with the following subject : "Google Play Warning: SSL Error Handler Vulnerability". In this email, Google explains that my app has an ["unsafe implementation of the WebViewClient.onReceivedSslError handler"]
and they recommended me to ["To properly handle SSL certificate validation, change your code to invoke SslErrorHandler.proceed() whenever the certificate presented by the server meets your expectations, and invoke SslErrorHandler.cancel() otherwise"]
here's my implementation of the method :
public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
handler.proceed();
}
any help please ?
the solution is to remove onReceivedSslError
这篇关于android Google Play警告:SSL错误处理程序漏洞的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!