1

And how is it possible to achieve this using Android Volley? Does anyone have a clear code, showing how to accept a certificate from a Uknown CA?

Please, I'm not looking for another example, showing how to ignore self-signed SSL certificates. StackOverflow is full of it, and really, it's not a good idea, to accept any SSL certificate, when in fact. you just want to accept a specific. Period.

codermx
  • 235
  • 1
  • 2
  • 9
  • On Android 7.0+, use [the network security configuration](https://developer.android.com/training/articles/security-config.html) feature. I have [a backport](https://github.com/commonsguy/cwac-netsecurity), but I do not presently have integration instructions for Volley. – CommonsWare Sep 19 '16 at 20:02
  • I'll just this out. Thank you so much, @CommonsWare! – codermx Sep 19 '16 at 20:05
  • Do you have idea if the Network Security Configuration is supported by lower API versions? – codermx Sep 19 '16 at 20:22
  • Not directly. As I mentioned, I have [a backport](https://github.com/commonsguy/cwac-netsecurity) that works to Android 4.2. However, I do not presently have integration instructions for Volley, only for OkHttp and `HttpUrlConnection`. – CommonsWare Sep 19 '16 at 20:28
  • 1
    Perhaps my answer at http://stackoverflow.com/questions/32673568/does-android-volley-support-ssl/32674422#32674422 could help you little. For Android Nougat, beside CommonsWare's comment, you can also read http://android-developers.blogspot.com/2016/07/changes-to-trusted-certificate.html – BNK Sep 20 '16 at 04:31
  • I'll take a look. Thank you very much! I also have this question, which has a code which I'm working on. Let's cast some light over this subject :). I'm really upset about so many codes of "nuking" SSL verification... That's not right. Period. – codermx Sep 20 '16 at 04:51
  • The code that I have mentioned: http://stackoverflow.com/questions/39553999/how-can-i-make-android-volley-perform-https-request-using-a-certificate-self-si – codermx Sep 20 '16 at 05:02
  • Hi BNK. I saw your code, it seems that the most important part of it, is the inclusion of the "CertificateFactory" and "Certificate" objects. which you are using in order to import the truststore file from the "raw" resources. Afterwards, I see that you have created the KeyStore, but you're not loading the "trustore" to the Keystore object, not even passing the password of the BKS. Is that right? I tried to add the "CertificateFactory" and "Certificate" objects to my code, but no good (Trust anchor for certification path not found) Any help would be much appreciated. Thank you very much! – codermx Sep 20 '16 at 05:59
  • Hi! Since I use the cert file (.cer) not .bks file so no need password, you can see my another answer at http://stackoverflow.com/questions/32154115/android-volley-self-signed-https-trust-anchor-for-certification-path-not-found/32219177#32219177 for both cases. Actually, if your CA is stored in your phone (system or user-added CA), you don't have to use `getWrappedTrustManagers` since it will be trusted (of course from Android Nougat user-added CA will not be trusted by default) – BNK Sep 20 '16 at 07:33
  • 1
    Please read this Google doc for more info and explanation https://developer.android.com/training/articles/security-ssl.html#UnknownCa – BNK Sep 20 '16 at 07:41
  • Thanks for the doc, it helped a lot! I'm just having a little problem, regarding this try/catch (it's inside the constructor class), which is returning a "NullPointerException" but I just can't figure out: https://gist.github.com/ivanlmj/0f88e8fc418696c3c7f4168c1b6e9f47 Have you got any idea? For me, it seems pretty similar in comparison with the example from the link that you sent @BNK .. – codermx Sep 20 '16 at 15:40
  • I think you can debug (Shift - F5) your code to find out :) – BNK Sep 20 '16 at 22:03
  • It's my first time using the Debugger from AS, and for being honest with you, the debugger didn't showed me so much informations, in comparison with the Android Monitor, which shows me the LogCat(D/EXCEPTION !!! ->: java.lang.NullPointerException). I tried to debug the Activity which has this code in its constructor, but nothing comes.. I just can't find why it's giving NullPointerException. The Gist is pretty similar with the code that you have sent. P.S.: I came from Python, and Java still is a "uknown" land for me. – codermx Sep 20 '16 at 22:43
  • Sorry I cannot help, suggest that you debug to check step-by-step and find out which line fires NPE. Goodluck! – BNK Sep 21 '16 at 01:36

0 Answers0