I'm sure the K9 guys wouldn't mind you looking over their code; http://code.google.com/p/k9mail/source/browse/k9mail/trunk/src/com/android/email/mail/store/TrustManagerFactory.java
Al. http://andappstore.com/ yukinoba wrote: > I see :-) > > It sounds good for this security mechanism. However, I still don't > know how to make an application-specific keystore for certain > application only... > And it sounds that Android has already provided a way for applications > to safely create their own certification rather than system > certification like u mentioned? Is there a guideline for this? I need > this for a HTTPS connection to a weather channel site and retrieve > weather information back. > > Thanks for ur help > > Best regards, > Nicholas > > On 12月19日, 下午4時01分, Al Sutton <a...@funkyandroid.com> wrote: > >> There is a very good reason why applications shouldn't be able to add >> certificates to the system keystore, and that's security. >> >> If an application wants a user to trust a certificate for the actions >> the application it's performing then that is decision made by the user >> in the context of that application. The application should not add that >> certificate to the system keystore because that would mean the the >> certificate becomes trusted in all applications, which is not what the >> user agreed to. >> >> Drawing a parallel with the desktop world; If I trust an SSL cert in >> FireFox that does not (and should not) make it a trusted certificate in >> Thunderbird. >> >> As a developer and a user I see it as a good thing that Android doesn't >> let applications do this, and I would be against any change to this >> policy just to make developers lives a bit easier. >> >> Al. >> >> >> >> yukinoba wrote: >> >>> hi, >>> >>> I have surveyed lots of solutions to this problem. However, most >>> solutions break (or say, cheat) the SSL verification for development >>> usage, and surely I don't want to make this kind of solutions in my >>> own application. Could you help to provide a guideline how to create >>> application-specific keystore? I have been read KeyStore class in the >>> Android SDK document but still has no idea how to make it. >>> >>> Thanks for ur help >>> >>> Best regards, >>> Nicholas >>> >>> On 12月12日, 上午1時00分, Michael <michael573...@gmail.com> wrote: >>> >>>> Yep, join the club. Lots of us are complaining about the inability to >>>> add certificates to the system keystore. >>>> >>>> One way that people have been working around this (in apps like >>>> k9mail, for example), is to use an application-specific keystore. >>>> >> -- >> ====== >> Funky Android Limited is registered in England & Wales with the >> company number 6741909. The registered head office is Kemp House, >> 152-160 City Road, London, EC1V 2NX, UK. >> >> The views expressed in this email are those of the author and not >> necessarily those of Funky Android Limited, it's associates, or it's >> subsidiaries. >> > > > -- ====== Funky Android Limited is registered in England & Wales with the company number 6741909. The registered head office is Kemp House, 152-160 City Road, London, EC1V 2NX, UK. The views expressed in this email are those of the author and not necessarily those of Funky Android Limited, it's associates, or it's subsidiaries. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers-unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -~----------~----~----~----~------~----~------~--~---
