[TIMOB-15385] HTTPClient Not Validating SSL Certificate on Android
GitHub Issue | n/a |
---|---|
Type | Bug |
Priority | Low |
Status | Closed |
Resolution | Cannot Reproduce |
Resolution Date | 2014-03-26T20:24:20.000+0000 |
Affected Version/s | n/a |
Fix Version/s | n/a |
Components | Android |
Labels | supportTeam |
Reporter | Ben Wakeman |
Assignee | Ingo Muschenetz |
Created | 2013-10-01T21:17:08.000+0000 |
Updated | 2017-03-27T22:16:28.000+0000 |
Description
Setting the validatesSecureCertificate property to true in the HTTPClient module does not work on the Android platform. Requests to invalid SSL sites are allowed to go through without exception. This feature does work as designed for iOS.
Example:
var xhr = Ti.Network.createHTTPClient();
xhr.validatesSecureCertificate = true;
This issue was discovered by the Bed Bath & Beyond security team with a build of the mobile app on the Titanium 3.1.1 SDK using an Android 4.2 phone.
Does this mean the value is not true by default?
[~bwakeman], can you provide a reproducible test case? We need more information and steps to reproduce the issue. Also, please add the Android OS version, Android phone model, Titanium SDK, Studio version and the operating system version. Thanks.
@Michael - no, it has nothing to do with the default value of the property; it has to do with the fact that even when the value is set to true, it is not validating SSL requests on Android. @Radamantis - I've again forwarded a request to the Bed Bath and Beyond security team, who raised the issue, so they can provide us with the means to validate the issue.
Resolving as cannot reproduce. Needs confirmation by QE before closing.
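A reproducible test case of the kind requested in the comments could look like the following. This is an added example, not code from the ticket or from the Titanium project; the URL is a placeholder for a test server you control that presents an invalid certificate, and the function name and outcome labels are hypothetical.

```javascript
// Added example. Ti.Network.createHTTPClient and validatesSecureCertificate
// come from the ticket; the function name, outcome labels and URL are assumed.

// Placeholder: replace with a test server you control that presents an
// invalid (self-signed, expired or wrong-host) certificate.
var INVALID_CERT_URL = 'https://invalid-cert.example.test/';

// Issues one GET with validation switched on and reports what happened.
// `net` is the Ti.Network namespace, passed in so the check can be stubbed.
function checkCertValidation(net, url, done) {
  var finished = false;
  function finish(outcome, detail) {
    if (finished) { return; } // report only the first callback that fires
    finished = true;
    done({ url: url, outcome: outcome, detail: detail });
  }
  var xhr = net.createHTTPClient({
    timeout: 10000,
    // The request completed despite the bad certificate: the reported bug.
    onload: function () {
      finish('ACCEPTED_INVALID_CERT', 'HTTP status ' + this.status);
    },
    // Expected path when the certificate is actually validated.
    onerror: function (e) {
      finish('REJECTED', (e && e.error) || 'unknown error');
    }
  });
  xhr.validatesSecureCertificate = true;
  xhr.open('GET', url);
  xhr.send();
}

// Inside a Titanium app: run the check and log the environment details
// the triage comment asks for alongside the result.
if (typeof Ti !== 'undefined') {
  checkCertValidation(Ti.Network, INVALID_CERT_URL, function (result) {
    Ti.API.info('SDK ' + Ti.version + ', ' + Ti.Platform.osname + ' ' +
      Ti.Platform.version + ', model ' + Ti.Platform.model);
    Ti.API.info('validatesSecureCertificate=true -> ' + JSON.stringify(result));
  });
}
```

A `REJECTED` result only shows that the request failed, so run the same check against a host with a valid certificate to rule out a plain connectivity error.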