[TIMOB-24246] Android: Use SecureRandom for SSLContext
| GitHub Issue | n/a |
|---|---|
| Type | Bug |
| Priority | Critical |
| Status | Closed |
| Resolution | Fixed |
| Resolution Date | 2017-01-04T19:25:12.000+0000 |
| Affected Version/s | n/a |
| Fix Version/s | Release 6.1.0 |
| Components | Android |
| Labels | n/a |
| Reporter | Gary Mathews |
| Assignee | Gary Mathews |
| Created | 2016-12-20T19:19:06.000+0000 |
| Updated | 2017-01-26T18:01:35.000+0000 |
Description
A [SecureRandom](https://developer.android.com/reference/java/security/SecureRandom.html) instance should be set in the constructor of [SSLContext](https://developer.android.com/reference/javax/net/ssl/SSLContext.html), instead of the default implementation.
master: https://github.com/appcelerator/titanium_mobile/pull/8704
[~gmathews] Any chance you could make a test case for me to verify this ?
[~awaldman] Yes, check that HTTPS works (y)
var http = Ti.Network.createHTTPClient({ onload: function () { Ti.API.info('response: ' + this.responseText); Ti.API.info('success'); } }); http.open('GET', 'https://httpbin.org/get'); http.send();[~gmathews] Thank you!!
Thursday 26th January: ENV: MacOS:10.12.1 XCODE: 8.2.1 GM (golden master) APPC CLI Core: 6.1.0 APPC CLI NPM: 4.2.8 SDK: 6.1.0.v20170126073441 Studio build: 4.8.1.201612050850 NPM: 2.15.9 Node: 4.5.0 Device: Google Pixel Android Version: 7.1 Step 1) Make classic app Step 2) Copy the following code into the app.js:
var http = Ti.Network.createHTTPClient({ onload: function () { Ti.API.info('response: ' + this.responseText); Ti.API.info('success'); } }); http.open('GET', 'https://httpbin.org/get'); http.send();[INFO] : response: {"args": {}, "headers": {"Accept-Encoding": "identity", "Host": "httpbin.org", "User-Agent": "Appcelerator Titanium/6.1.0 (Pixel; Android API Level: 25; en-US;)", "X-Requested-With": "XMLHttpRequest", "X-Titanium-Id": "cffa3bb1-e804-48ca-9eee-16bd32c2a01d"}, "origin": "96.90.253.33", "url": "https://httpbin.org/get"} [INFO] : success