1

I am getting this warning from Play Store:

change the verify method in your custom HostnameVerifier interface to return false whenever the hostname of the server does not meet your expectations.

I want to know whether SSL Pinning using public key can help to solve this issue or not?? previously i was using following class

       public static void allowAllSSL() {
        HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {

       @Override
    public boolean verify(String arg0, SSLSession arg1) {
        return true;
    }

});

SSLContext context = null;
if (trustManagers == null) {
    trustManagers = new TrustManager[]{new HttpsTrustManager()};
}

try {
    context = SSLContext.getInstance("TLS");
    context.init(null, trustManagers, new SecureRandom());
} catch (NoSuchAlgorithmException e) {
    e.printStackTrace();
} catch (KeyManagementException e) {
    e.printStackTrace();
}

HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());
}}`
S.Ambika
  • 292
  • 1
  • 14
  • You don't need certificate pinning to resolve the problem. The cause of rejection is the `allowAllSSL` method. In most cases, you can trust the system default HostnameVerifier. But even if you have some special case, you should start your verification by calling it. – Alex Cohn Apr 13 '21 at 19:02
  • @AlexCohn Thanks for your reply. Please help in this situation mentioned in this link https://stackoverflow.com/q/65949051/8063842. I need to solve this. It is related to SSL HandshakeException in webview. My whole SSL problem is related to this link – S.Ambika Apr 15 '21 at 05:30

0 Answers0