Stack Overflow
Stack Overflow

Questions tagged [trustmanager]

TrustManagers are a Java tool for Android responsible for managing the trust material that is used when making trust decisions, and for deciding whether credentials presented by a peer should be accepted.

71 questions
27
votes
5 answers

How to fix unsafe implementation of X509TrustManager in Android app

Google has advised that I have an unsafe implementation of the interface X509TrustManager in my Android application and need to change my code as follows: To properly handle SSL certificate validation, change your code in the checkServerTrusted…
Nabeel
  • 611
  • 1
  • 6
  • 11
24
votes
4 answers

Google Play security alert for insecure TrustManager

In one of my apps I'm using HTTPS with a self-signed certificate and followed the sample code from the android developer training site (https://developer.android.com/training/articles/security-ssl.html#UnknownCa). I recently got the following alert…
Muzikant
  • 8,070
  • 5
  • 54
  • 88
18
votes
3 answers

How can I make Android Volley perform HTTPS request, using a certificate self-signed by an Unknown CA?

Before making the question, I found some links, which I checked, one by one, and none of them, gives me a solution: well-kown CA HTTPS request using volley accept all SSL certificates No peer certificate Exception - Volley and Android with self…
codermx
  • 235
  • 1
  • 2
  • 9
12
votes
5 answers

You are using an unsafe implementation of X509TrustManager

I've an app in Google Play, today I received a mail from Google saying that: Google Play warning: You are using an unsafe implementation of X509TrustManager It says something about the SSL certificate issues and a way to solve the issue. I'm…
Midhun MP
  • 103,496
  • 31
  • 153
  • 200
9
votes
2 answers

Robolectric test that uses OkHttp for real HTTP requests throws java.lang.NullPointerException: No password supplied for PKCS#12 KeyStore

I'm using Robolectric 4.3.1 (testImplementation "org.robolectric:robolectric:4.3.1") to create an Android sqlite environment for my integration tests. My system uses OkHttp (implementation 'com.squareup.okhttp3:okhttp:3.14.7') for real HTTP…
Heath Borders
  • 30,998
  • 16
  • 147
  • 256
7
votes
4 answers

an unsafe implementation of the interface X509TrustManager from google

I hava an app in Google Play, I received a mail from Google saying that: Your app(s) listed at the end of this email use an unsafe implementation of the interface X509TrustManager. Specifically, the implementation ignores all SSL certificate…
zys
  • 1,306
  • 3
  • 18
  • 37
5
votes
1 answer

Unable to Extract trust manager on IBM JRE8 with OKHTTP3

Can Any one help on this please. I am also using OKHTTP3 version 4.8.1 to write HTTP2 client . Its Working on Oracle JDK 8 but not working on IBM JRE 8. Error message: java.lang.IllegalStateException: Unable to extract the trust manager on…
Java_Developer
  • 61
  • 1
  • 6
5
votes
1 answer

Unsafe implementation of the interface X509TrustManager - Google Play Services

First off, I should say, I'm mainly a PHP developer. I have a relatively aged app on Google Play that was built targeting API 15 back at the end of 2012. Have reviewed others' questions here relating to the unsafe implementation of the interface…
Joe
  • 69
  • 6
4
votes
2 answers

java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. on api less 24

com.android.volley.NoConnectionError: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. I got this error in logcat on api from 19 to 24 and there is no data loading…
Amin
  • 463
  • 2
  • 11
  • 29
4
votes
0 answers

Fine grain X509 certificate checks and TrustManagerFactory initialization

I am trying to configure a https client in my android application that would perform fine grain checking on the certificate chain received from server. More precisely I would like to check : if the chain contains a given CA certificate (custom CA)…
Antelop
  • 157
  • 11
3
votes
1 answer

Insecure HostnameVerifier in Android

After 1st March when I have uploaded my app on beta group I got the particular mail from Google quoting: This information is intended for developers with app(s) using an unsafe implementation of the HostnameVerifier interface, which accepts all…
ritwik
  • 101
  • 1
  • 11
3
votes
1 answer

How to find the real class name from obfuscated ProGuard classname in my source code?

I got an email from Google about unsafe implementation of TrustManager with the only clue that the problematic code is in com.b.a.af class. Clearly that's the obfuscated name. How would I get the real class name from that obfuscated class name, in…
Levon
  • 1,681
  • 2
  • 18
  • 40
3
votes
1 answer

How to fix apps containing an unsafe implementation of TrustManager?

Saw a warning from Google next to my app's name in Developer Console, about unsafe implementation of TrustManager. I went through the code, but there's no single place where TrustManager or checkServerTrusted method is used, so I'm not sure where to…
Levon
  • 1,681
  • 2
  • 18
  • 40
3
votes
0 answers

How to use TrustManager and SSL certificate in android?

i need to know What is X509TrustManager and SSL certificate ? How to use them when establishing an HTTPS connection to a remote host ?
Fady Emad
  • 173
  • 2
  • 11
3
votes
0 answers

Getting security issue on Google Developer Console

Your app is using an unsafe implementation of the X509TrustManager interface with an Apache HTTP client, resulting in a security vulnerability. Please see this Google Help Center article for details, including the deadline for fixing the…
Rohit
  • 76
  • 4
1
2 3 4 5