如何解决"Google Play will block publishing of any new apps or updates that use an unsafe implementation of HostnameVerifier"?
How to solve "Google Play will block publishing of any new apps or updates that use an unsafe implementation of HostnameVerifier"?
Beginning March 1, 2017, Google Play will block publishing of any new apps or updates that use an unsafe implementation of HostnameVerifier. Your published APK version will remain unaffected, however any updates to the app will be blocked unless you address this vulnerability.
Action required
To properly handle hostname verification, change the verify method in your custom HostnameVerifier interface to return false whenever the hostname of the server does not meet your expectations.
这是我从 Google Play 商店为我的一个应用程序收到的消息。我们正在使用 Apache 库进行一些 Web 服务调用。
如何解决这个问题?
分支并切换到 OkHttp。你有一个漫长的夜晚。
如消息中所述,在 HostnameVerifier class 中的 verify() 方法中,仅 returns true 用于您的应用程序信任的主机名。
试试这个。在建立连接之前调用此方法。
@SuppressLint("TrulyRandom")
public static void handleSSLHandshake() {
try {
TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
@Override
public void checkClientTrusted(X509Certificate[] certs, String authType) {
}
@Override
public void checkServerTrusted(X509Certificate[] certs, String authType) {
}
}};
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String arg0, SSLSession arg1) {
if(arg0.equalsIgnoreCase("google.com")
|| arg0.equalsIgnoreCase("firebasedynamiclinks.googleapis.com")
|| arg0.equalsIgnoreCase("youtube.com")) {
return true;
} else {
return false;
}
}
});
} catch (Exception ignored) {
}
}
Beginning March 1, 2017, Google Play will block publishing of any new apps or updates that use an unsafe implementation of HostnameVerifier. Your published APK version will remain unaffected, however any updates to the app will be blocked unless you address this vulnerability.
Action required
To properly handle hostname verification, change the verify method in your custom HostnameVerifier interface to return false whenever the hostname of the server does not meet your expectations.
这是我从 Google Play 商店为我的一个应用程序收到的消息。我们正在使用 Apache 库进行一些 Web 服务调用。
如何解决这个问题?
分支并切换到 OkHttp。你有一个漫长的夜晚。
如消息中所述,在 HostnameVerifier class 中的 verify() 方法中,仅 returns true 用于您的应用程序信任的主机名。
试试这个。在建立连接之前调用此方法。
@SuppressLint("TrulyRandom")
public static void handleSSLHandshake() {
try {
TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
@Override
public void checkClientTrusted(X509Certificate[] certs, String authType) {
}
@Override
public void checkServerTrusted(X509Certificate[] certs, String authType) {
}
}};
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String arg0, SSLSession arg1) {
if(arg0.equalsIgnoreCase("google.com")
|| arg0.equalsIgnoreCase("firebasedynamiclinks.googleapis.com")
|| arg0.equalsIgnoreCase("youtube.com")) {
return true;
} else {
return false;
}
}
});
} catch (Exception ignored) {
}
}