Android WebView SSL 'Security Warning'

旧时难觅i 2021-01-11 23:52

I'm building a test version of an app for a client. Part of this app uses a WebView that calls out to an SSL-based site. In turn, the client has provided a test domain where

2 Answers
  •  无人及你
    2021-01-12 00:20

    Updated answer according to Google's new security policy update for SSL Error Handler; please see this Android Developers Help Center article.

    To prevent rejection of the application on Google Play for violating our Malicious Behavior policy.

    To properly handle SSL certificate validation, change your code to invoke SslErrorHandler.proceed() whenever the certificate presented by the server meets your expectations, and invoke SslErrorHandler.cancel() otherwise.

    For example, I add an alert dialog to make the user confirm, and it seems Google no longer shows the warning.

    // Place inside your WebViewClient subclass. Imports needed: android.app.AlertDialog,
    // android.content.DialogInterface, android.net.http.SslError,
    // android.webkit.SslErrorHandler, android.webkit.WebView.
    @Override
    public void onReceivedSslError(WebView view, final SslErrorHandler handler, SslError error) {
        // "this" is the WebViewClient here, so take the Context from the WebView.
        final AlertDialog.Builder builder = new AlertDialog.Builder(view.getContext());
        String message = "SSL Certificate error.";
        switch (error.getPrimaryError()) {
            case SslError.SSL_UNTRUSTED:
                message = "The certificate authority is not trusted.";
                break;
            case SslError.SSL_EXPIRED:
                message = "The certificate has expired.";
                break;
            case SslError.SSL_IDMISMATCH:
                message = "The certificate Hostname mismatch.";
                break;
            case SslError.SSL_NOTYETVALID:
                message = "The certificate is not yet valid.";
                break;
        }
        message += " Do you want to continue anyway?";

        builder.setTitle("SSL Certificate Error");
        builder.setMessage(message);

        // Load the page only if the user explicitly chooses to continue.
        builder.setPositiveButton("continue", new DialogInterface.OnClickListener() {
            @Override
            public void onClick(DialogInterface dialog, int which) {
                handler.proceed();
            }
        });
        // Otherwise abort the request.
        builder.setNegativeButton("cancel", new DialogInterface.OnClickListener() {
            @Override
            public void onClick(DialogInterface dialog, int which) {
                handler.cancel();
            }
        });
        final AlertDialog dialog = builder.create();
        dialog.show();
    }
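
An added example, not part of the answer above or of Google's documentation: one way to call `proceed()` only when the certificate "meets your expectations" is to compare it against a fingerprint pinned for the test server and call `cancel()` in every other case. `PinnedTestCertClient`, `TEST_HOST` and `PINNED_SHA256` are hypothetical names with placeholder values, and `getX509Certificate()` requires API level 29 or later.

```java
import android.net.Uri;
import android.net.http.SslError;
import android.webkit.SslErrorHandler;
import android.webkit.WebView;
import android.webkit.WebViewClient;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;

/** Proceeds only for one pinned test certificate on one host; cancels every other SSL error. */
public class PinnedTestCertClient extends WebViewClient {
    // Placeholders (assumptions): the client's test host and the lowercase hex
    // SHA-256 of that server's DER-encoded certificate.
    private static final String TEST_HOST = "test.example.com";
    private static final String PINNED_SHA256 = "<sha256-hex-of-test-certificate>";

    // Any of these errors is rejected even when the fingerprint would match.
    private static final int[] FATAL = {
        SslError.SSL_EXPIRED, SslError.SSL_NOTYETVALID, SslError.SSL_IDMISMATCH,
        SslError.SSL_DATE_INVALID, SslError.SSL_INVALID };

    @Override
    public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
        if (isExpectedTestCertificate(error)) {
            handler.proceed();
        } else {
            handler.cancel();
        }
    }

    private static boolean isExpectedTestCertificate(SslError error) {
        try {
            // Only an untrusted issuer (e.g. a private test CA) is tolerated.
            if (!error.hasError(SslError.SSL_UNTRUSTED)) return false;
            for (int code : FATAL) {
                if (error.hasError(code)) return false;
            }
            if (!TEST_HOST.equals(Uri.parse(error.getUrl()).getHost())) return false;
            // getX509Certificate() is available from API level 29.
            X509Certificate cert = error.getCertificate().getX509Certificate();
            if (cert == null) return false;
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
            StringBuilder hex = new StringBuilder();
            for (byte b : digest) hex.append(String.format("%02x", b));
            return PINNED_SHA256.equals(hex.toString());
        } catch (Exception e) {
            return false; // fail closed on any parsing or hashing problem
        }
    }
}
```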
