The server to which the app connected had a temporary certificate, or something like that. I am only taking care of the Android app, and in order to make the HTTPS web service calls, the app used the unsafe implementation of the interface X509TrustManager. Now the server certificate has been fixed and has a final certificate.
The following code works:
HttpClient mHttpClient = null;
HttpParams httpParameters = new BasicHttpParams();
HttpConnectionParams.setConnectionTimeout(httpParameters, 30000);
DefaultHttpClient client = new DefaultHttpClient(httpParameters);
SchemeRegistry registry = new SchemeRegistry();
registry.register(new Scheme("https", SSLSocketFactory.getSocketFactory(), 443));
registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
SingleClientConnManager mgr = new SingleClientConnManager(client.getParams(), registry);
mHttpClient = new DefaultHttpClient(mgr, client.getParams());
final HttpParams params = mHttpClient.getParams();
HttpConnectionParams.setConnectionTimeout(params, HTTP_TIMEOUT);
HttpConnectionParams.setSoTimeout(params, HTTP_TIMEOUT);
ConnManagerParams.setTimeout(params, HTTP_TIMEOUT);
Basically, using this mHttpClient when making the web service calls does not raise any errors or complaints and works as expected. However, I've seen implementations like this one which have a more secure approach.
My question is: by using the DefaultHttpClient simply, as in the code above, could it raise some problems where on some devices the certificate may not be recognized as valid? Or better, should I go with the stored keystore as in the answer above?
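The two trust sources the question weighs (the platform's default CA store and a keystore bundled with the app), plus a regression check that flags a trust-all X509TrustManager, as an added example that is not part of the original post. It uses only standard JSSE calls; the class and method names (`TrustConfig`, `trustManagerFor`, `loadStore`, `contextFor`, `acceptsAnything`) are hypothetical, and the keystore stream and password are assumed to be supplied by the caller.

```java
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class TrustConfig {  // hypothetical helper class, not from the post

    // Returns the validating trust manager backed by the given store.
    // A null store selects the platform's default CA store.
    static X509TrustManager trustManagerFor(KeyStore store) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(store);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) return (X509TrustManager) tm;
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    // Loads a trust store shipped with the app (stream and password are assumptions).
    static KeyStore loadStore(InputStream in, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(in, password);
        return ks;
    }

    // Builds a TLS context that validates server chains with the given trust manager.
    static SSLContext contextFor(X509TrustManager tm) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { tm }, null);
        return ctx;
    }

    // Regression check: a validating trust manager rejects an empty chain,
    // while an implementation with empty check methods accepts it silently.
    static boolean acceptsAnything(X509TrustManager tm) {
        try {
            tm.checkServerTrusted(new X509Certificate[0], "RSA");
            return true;
        } catch (CertificateException | IllegalArgumentException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        X509TrustManager platform = trustManagerFor(null);
        System.out.println("platform default accepts anything: " + acceptsAnything(platform));
    }
}
```

Running `acceptsAnything` against whichever trust manager the app actually installs, in a unit test, catches a leftover trust-all implementation before release.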