You probably shouldn't try to copy the trust anchor list. Since 4.0 it can be changed dynamically by the user. You should probably use a JNI call to use the SDK TrustManager to verify certificate chains. That is what the Browser and Chrome do. Part of the new implementation in 4.0 was to avoid loading all CAs in memory, so that only the ones that are used get loaded. If you enumerate all the CAs to import them, you'll also create a lot of garbage in memory.
-bri -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
